Update man pages

Bump up version number to 1.16.1, LT revision to 26:1:12
Prevent undefined behavior in decode_length
2025-12-07 18:48:54 +08:00 · 2016-11-13 21:24:32 +09:00 · 2016-11-13 21:21:29 +09:00 · 2016-11-13 21:19:36 +09:00 · 2016-11-13 21:19:36 +09:00
318 changed files with 3431 additions and 7433 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,7 +28,6 @@ addons:
    - libevent-dev
    - libjansson-dev
    - libjemalloc-dev
    - libc-ares-dev
    - cmake
    - cmake-data
 before_install:
@@ -55,8 +54,7 @@ before_script:
  - if [ "$CI_BUILD" = "autotools" ]; then ./configure --enable-werror --with-mruby --with-neverbleed LIBSPDYLAY_CFLAGS="-I$SPDYLAY_HOME/lib/includes" LIBSPDYLAY_LIBS="-L$SPDYLAY_HOME/lib/.libs -lspdylay" CPPFLAGS=-fsanitize=address LDFLAGS=-fsanitize=address; fi
  - if [ "$CI_BUILD" = "cmake" ]; then cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DSPDYLAY_INCLUDE_DIR="$SPDYLAY_HOME/lib/includes" -DSPDYLAY_LIBRARY="$SPDYLAY_HOME/lib/.libs/libspdylay.so"; fi
 script:
-  - if [ "$CI_BUILD" = "autotools" ]; then make distcheck; fi
+  - make check
  - if [ "$CI_BUILD" = "cmake" ]; then make check; fi
  # As of April, 23, 2016, golang http2 build fails, probably because
  # the default go version is too old.
  # - cd integration-tests
--- a/9
+++ b/9
@@ -17,14 +17,10 @@ github issues [2].
 Alek Storm
 Alex Nalivko
 Alexis La Goutte
 Amir Pakdel
 Anders Bakken
 Andreas Pohl
 Andy Davies
 Ant Bryan
 Benedikt Christoph Wolters
 Benedikt Christoph Wolters
 Bernard Spil
 Bernard Spil
 Brian Card
 Brian Suh
@@ -52,7 +48,6 @@ Kit Chan
 Kyle Schomp
 Lucas Pardue
 MATSUMOTO Ryosuke
 Matt Rudary
 Mike Conlen
 Mike Frysinger
 Nicholas Hurley
@@ -74,7 +69,6 @@ Tatsuhiko Kubo
 Tatsuhiro Tsujikawa
 Tom Harwood
 Tomasz Buchert
 Tomasz Torcz
 Vernon Tang
 Viacheslav Biriukov
 Viktor Szépe
@@ -84,12 +78,9 @@ Zhuoyun Wei
 acesso
 ayanamist
 bxshi
 clemahieu
 dalf
 es
 fangdingjun
 kumagi
 makovich
 mod-h2-dev
 moparisthebest
 snnn
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -24,13 +24,13 @@
 cmake_minimum_required(VERSION 3.0)
 # XXX using 1.8.90 instead of 1.9.0-DEV
-project(nghttp2 VERSION 1.21.1)
+project(nghttp2 VERSION 1.16.1)
 # See versioning rule:
 #  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-set(LT_CURRENT  27)
+set(LT_CURRENT  26)
 set(LT_REVISION 1)
-set(LT_AGE      13)
+set(LT_AGE      12)
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 include(Version)
@@ -59,7 +59,6 @@ find_package(PythonInterp)
 # Auto-detection of features that can be toggled
 find_package(OpenSSL 1.0.1)
 find_package(Libev 4.11)
 find_package(Libcares 1.7.5)
 find_package(ZLIB 1.2.3)
 if(OPENSSL_FOUND AND LIBEV_FOUND AND ZLIB_FOUND)
  set(ENABLE_APP_DEFAULT ON)
@@ -110,9 +109,19 @@ foreach(_build_type "Release" "MinSizeRel" "RelWithDebInfo")
  endforeach()
 endforeach()
 #
 # If we're running GCC or clang define _U_ to be "__attribute__((unused))"
 # so we can use _U_ to flag unused function parameters and not get warnings
 # about them. Otherwise, define _U_ to be an empty string so that _U_ used
 # to flag an unused function parameters will compile with other compilers.
 #
 # XXX - similar hints for other compilers?
 #
 if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang")
  set(HINT_UNUSED_PARAM   "__attribute__((unused))")
  set(HINT_NORETURN       "__attribute__((noreturn))")
 else()
  set(HINT_UNUSED_PARAM)
  set(HINT_NORETURN)
 endif()
@@ -198,14 +207,6 @@ if(LIBEVENT_FOUND)
  # Must both link the core and openssl libraries.
  set(LIBEVENT_OPENSSL_LIBRARIES ${LIBEVENT_LIBRARIES})
 endif()
 # libc-ares (for src)
 set(HAVE_LIBCARES   ${LIBCARES_FOUND})
 if(LIBCARES_FOUND)
  set(LIBCARES_INCLUDE_DIRS ${LIBCARES_INCLUDE_DIR})
 else()
  set(LIBCARES_INCLUDE_DIRS "")
  set(LIBCARES_LIBRARIES    "")
 endif()
 # jansson (for src/nghttp, src/deflatehd and src/inflatehd)
 set(HAVE_JANSSON    ${JANSSON_FOUND})
 # libxml2 (for src/nghttp)
@@ -303,6 +304,7 @@ include(CheckFunctionExists)
 check_function_exists(_Exit     HAVE__EXIT)
 check_function_exists(accept4   HAVE_ACCEPT4)
 # timerfd_create was added in linux kernel 2.6.25
 include(CheckSymbolExists)
 # XXX does this correctly detect initgroups (un)availability on cygwin?
 check_symbol_exists(initgroups grp.h HAVE_DECL_INITGROUPS)
@@ -314,6 +316,13 @@ if(NOT HAVE_DECL_INITGROUPS AND HAVE_UNISTD_H)
  endif()
 endif()
 check_function_exists(timerfd_create HAVE_TIMERFD_CREATE)
 # Checks for epoll availability, primarily for examples/tiny-nghttpd
 check_symbol_exists(epoll_create sys/epoll.h HAVE_EPOLL)
 if(HAVE_EPOLL AND HAVE_TIMERFD_CREATE)
  set(ENABLE_TINY_NGHTTPD 1)
 endif()
 set(WARNCFLAGS)
 set(WARNCXXFLAGS)
 if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
@@ -490,7 +499,6 @@ message(STATUS "summary of build options:
      OpenSSL:        ${HAVE_OPENSSL} (LIBS='${OPENSSL_LIBRARIES}')
      Libxml2:        ${HAVE_LIBXML2} (LIBS='${LIBXML2_LIBRARIES}')
      Libev:          ${HAVE_LIBEV} (LIBS='${LIBEV_LIBRARIES}')
      Libc-ares:      ${HAVE_LIBCARES} (LIBS='${LIBCARES_LIBRARIES}')
      Libevent(SSL):  ${HAVE_LIBEVENT_OPENSSL} (LIBS='${LIBEVENT_OPENSSL_LIBRARIES}')
      Spdylay:        ${HAVE_SPDYLAY} (LIBS='${SPDYLAY_LIBRARIES}')
      Jansson:        ${HAVE_JANSSON} (LIBS='${JANSSON_LIBRARIES}')
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,8 +45,7 @@ EXTRA_DIST = nghttpx.conf.sample proxy.pac.sample android-config android-make \
 	cmake/Version.cmake \
 	cmake/FindCython.cmake \
 	cmake/FindLibevent.cmake \
-	cmake/FindJansson.cmake \
+	cmake/FindJansson.cmake
 	cmake/FindLibcares.cmake
 .PHONY: clang-format
--- a/README.rst
+++ b/README.rst
@@ -70,7 +70,6 @@ are required:
 * OpenSSL >= 1.0.1
 * libev >= 4.11
 * zlib >= 1.2.3
 * libc-ares >= 1.7.5
 ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
 LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
@@ -81,19 +80,11 @@ To enable the SPDY protocol in the application program ``nghttpx`` and
 * spdylay >= 1.3.2
 We no longer recommend to build nghttp2 with SPDY protocol support
 enabled.  SPDY support will be removed soon.
 To enable ``-a`` option (getting linked assets from the downloaded
 resource) in ``nghttp``, the following package is required:
 * libxml2 >= 2.7.7
 To enable systemd support in nghttpx, the following package is
 required:
 * libsystemd-dev >= 209
 The HPACK tools require the following package:
 * jansson >= 2.5
@@ -107,11 +98,6 @@ To mitigate heap fragmentation in long running server programs
 * jemalloc
  .. note::
     Alpine Linux currently does not support malloc replacement
     due to musl limitations. See details in issue `#762 <https://github.com/nghttp2/nghttp2/issues/762>`_.
 libnghttp2_asio C++ library requires the following packages:
 * libboost-dev >= 1.54.0
@@ -123,17 +109,15 @@ The Python bindings require the following packages:
 * python >= 2.7
 * python-setuptools
-If you are using Ubuntu 16.04 LTS (Xenial Xerus) or Debian 8 (jessie)
+If you are using Ubuntu 14.04 LTS (trusty) or Debian 7.0 (wheezy) and above run the following to install the needed packages:
 and above, run the following to install the required packages:
 .. code-block:: text
    sudo apt-get install g++ make binutils autoconf automake autotools-dev libtool pkg-config \
      zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
-      libc-ares-dev libjemalloc-dev libsystemd-dev libspdylay-dev \
+      libjemalloc-dev cython python3-dev python-setuptools
      cython python3-dev python-setuptools
-Since Ubuntu 15.10, spdylay has been available as a package named
+From Ubuntu 15.10, spdylay has been available as a package named
 `libspdylay-dev`.  For the earlier Ubuntu release, you need to build
 it yourself: http://tatsuhiro-t.github.io/spdylay/
@@ -165,7 +149,6 @@ used:
 .. code-block:: text
    $ git submodule update --init
    $ autoreconf -i
    $ automake
    $ autoconf
@@ -176,7 +159,8 @@ To compile the source code, gcc >= 4.8.3 or clang >= 3.4 is required.
 .. note::
-   To enable mruby support in nghttpx, and use ``--with-mruby``
+   To enable mruby support in nghttpx, run ``git submodule update
   --init`` before running configure script, and use ``--with-mruby``
   configure option.
 .. note::
@@ -197,28 +181,6 @@ To compile the source code, gcc >= 4.8.3 or clang >= 3.4 is required.
   applications were not built, then using ``--enable-app`` may find
   that cause, such as the missing dependency.
 .. note::
   In order to detect third party libraries, pkg-config is used
   (however we don't use pkg-config for some libraries (e.g., libev)).
   By default, pkg-config searches ``*.pc`` file in the standard
   locations (e.g., /usr/lib/pkgconfig).  If it is necessary to use
   ``*.pc`` file in the custom location, specify paths to
   ``PKG_CONFIG_PATH`` environment variable, and pass it to configure
   script, like so:
   .. code-block:: text
       $ ./configure PKG_CONFIG_PATH=/path/to/pkgconfig
   For pkg-config managed libraries, ``*_CFLAG`` and ``*_LIBS``
   environment variables are defined (e.g., ``OPENSSL_CFLAGS``,
   ``OPENSSL_LIBS``).  Specifying non-empty string to these variables
   completely overrides pkg-config.  In other words, if they are
   specified, pkg-config is not used for detection, and user is
   responsible to specify the correct values to these variables.  For
   complete list of these variables, run ``./configure -h``.
 Notes for building on Windows (MSVC)
 ------------------------------------
--- a/5
+++ b/5
@@ -39,9 +39,8 @@ PATH="$TOOLCHAIN"/bin:"$PATH"
    --without-libxml2 \
    --disable-python-bindings \
    --disable-examples \
-    --disable-threads \
+    CC="$TOOLCHAIN"/bin/arm-linux-androideabi-gcc \
-    CC="$TOOLCHAIN"/bin/arm-linux-androideabi-clang \
+    CXX="$TOOLCHAIN"/bin/arm-linux-androideabi-g++ \
    CXX="$TOOLCHAIN"/bin/arm-linux-androideabi-clang++ \
    CPPFLAGS="-fPIE -I$PREFIX/include" \
    PKG_CONFIG_LIBDIR="$PREFIX/lib/pkgconfig" \
    LDFLAGS="-fPIE -pie -L$PREFIX/lib"
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,53 +0,0 @@
 # Notes:
 #   - Minimal appveyor.yml file is an empty file. All sections are optional.
 #   - Indent each level of configuration with 2 spaces. Do not use tabs!
 #   - All section names are case-sensitive.
 #   - Section names should be unique on each level.
 #---------------------------------#
 #      general configuration      #
 #---------------------------------#
 # version format
 #version: 0.10.{build}
 # branches to build
 branches:
  # blacklist
  except:
    - gh-pages
 # Do not build on tags (GitHub only)
 skip_tags: true
 #---------------------------------#
 #    environment configuration    #
 #---------------------------------#
 os: Windows Server 2012
 # scripts that run after cloning repository
 install:
  # install Win-Flex-Bison
  #- cmd: cinst winflexbison -y
 #---------------------------------#
 #       build configuration       #
 #---------------------------------#
 # scripts to run before build
 before_build:
  - cmd: cmake .
 # scripts to run *after* solution is built and *before* automatic packaging occurs (web apps, NuGet packages, Azure Cloud Services)
 # before_package:
 # scripts to run after build
 # after_build:
 # to run your custom scripts instead of automatic MSBuild
 build_script:
  - cmd: cmake --build .
 # to disable automatic builds
 # build: off
--- a/cmake/FindLibcares.cmake
+++ b/cmake/FindLibcares.cmake
@@ -1,40 +0,0 @@
 # - Try to find libcares
 # Once done this will define
 #  LIBCARES_FOUND        - System has libcares
 #  LIBCARES_INCLUDE_DIRS - The libcares include directories
 #  LIBCARES_LIBRARIES    - The libraries needed to use libcares
 find_package(PkgConfig QUIET)
 pkg_check_modules(PC_LIBCARES QUIET libcares)
 find_path(LIBCARES_INCLUDE_DIR
  NAMES ares.h
  HINTS ${PC_LIBCARES_INCLUDE_DIRS}
 )
 find_library(LIBCARES_LIBRARY
  NAMES cares
  HINTS ${PC_LIBCARES_LIBRARY_DIRS}
 )
 if(LIBCARES_INCLUDE_DIR)
  set(_version_regex "^#define[ \t]+ARES_VERSION_STR[ \t]+\"([^\"]+)\".*")
  file(STRINGS "${LIBCARES_INCLUDE_DIR}/ares_version.h"
    LIBCARES_VERSION REGEX "${_version_regex}")
  string(REGEX REPLACE "${_version_regex}" "\\1"
    LIBCARES_VERSION "${LIBCARES_VERSION}")
  unset(_version_regex)
 endif()
 include(FindPackageHandleStandardArgs)
 # handle the QUIETLY and REQUIRED arguments and set LIBCARES_FOUND to TRUE
 # if all listed variables are TRUE and the requested version matches.
 find_package_handle_standard_args(Libcares REQUIRED_VARS
                                  LIBCARES_LIBRARY LIBCARES_INCLUDE_DIR
                                  VERSION_VAR LIBCARES_VERSION)
 if(LIBCARES_FOUND)
  set(LIBCARES_LIBRARIES     ${LIBCARES_LIBRARY})
  set(LIBCARES_INCLUDE_DIRS  ${LIBCARES_INCLUDE_DIR})
 endif()
 mark_as_advanced(LIBCARES_INCLUDE_DIR LIBCARES_LIBRARY)
--- a/cmakeconfig.h.in
+++ b/cmakeconfig.h.in
@@ -1,3 +1,7 @@
 /* Hint to the compiler that a function parameter is not used  */
 #define _U_ @HINT_UNUSED_PARAM@
 /* Hint to the compiler that a function never returns */
 #define NGHTTP2_NORETURN @HINT_NORETURN@
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl Do not change user variables!
 dnl http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
 AC_PREREQ(2.61)
-AC_INIT([nghttp2], [1.21.1], [t-tujikawa@users.sourceforge.net])
+AC_INIT([nghttp2], [1.16.1], [t-tujikawa@users.sourceforge.net])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
@@ -44,9 +44,9 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 dnl See versioning rule:
 dnl  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-AC_SUBST(LT_CURRENT, 27)
+AC_SUBST(LT_CURRENT, 26)
 AC_SUBST(LT_REVISION, 1)
-AC_SUBST(LT_AGE, 13)
+AC_SUBST(LT_AGE, 12)
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"`
@@ -119,13 +119,8 @@ AC_ARG_WITH([jemalloc],
 AC_ARG_WITH([spdylay],
    [AS_HELP_STRING([--with-spdylay],
-                    [Use spdylay [default=no]])],
+                    [Use spdylay [default=check]])],
-    [request_spdylay=$withval], [request_spdylay=no])
+    [request_spdylay=$withval], [request_spdylay=check])
 AC_ARG_WITH([systemd],
    [AS_HELP_STRING([--with-systemd],
                    [Enable systemd support in nghttpx [default=check]])],
    [request_systemd=$withval], [request_systemd=check])
 AC_ARG_WITH([mruby],
    [AS_HELP_STRING([--with-mruby],
@@ -176,9 +171,19 @@ else
  AC_SUBST([CYTHON])
 fi
 #
 # If we're running GCC or clang define _U_ to be "__attribute__((unused))"
 # so we can use _U_ to flag unused function parameters and not get warnings
 # about them. Otherwise, define _U_ to be an empty string so that _U_ used
 # to flag an unused function parameters will compile with other compilers.
 #
 # XXX - similar hints for other compilers?
 #
 if test "x$GCC" = "xyes" -o "x$CC" = "xclang" ; then
  AC_DEFINE([_U_], [__attribute__((unused))], [Hint to the compiler that a function parameters is not used])
  AC_DEFINE([NGHTTP2_NORETURN], [__attribute__((noreturn))], [Hint to the compiler that a function never return])
 else
  AC_DEFINE([_U_], , [Hint to the compiler that a function parameter is not used])
  AC_DEFINE([NGHTTP2_NORETURN], , [Hint to the compiler that a function never return])
 fi
@@ -365,13 +370,6 @@ if test "x${have_openssl}" = "xno"; then
  AC_MSG_NOTICE($OPENSSL_PKG_ERRORS)
 fi
 # c-ares (for src)
 PKG_CHECK_MODULES([LIBCARES], [libcares >= 1.7.5], [have_libcares=yes],
                  [have_libcares=no])
 if test "x${have_libcares}" = "xno"; then
  AC_MSG_NOTICE($LIBCARES_PKG_ERRORS)
 fi
 # libevent_openssl (for examples)
 # 2.0.8 is required because we use evconnlistener_set_error_cb()
 PKG_CHECK_MODULES([LIBEVENT_OPENSSL], [libevent_openssl >= 2.0.8],
@@ -390,32 +388,16 @@ else
  AC_MSG_NOTICE($JANSSON_PKG_ERRORS)
 fi
 #  libsystemd (for src/nghttpx)
 have_libsystemd=no
 if test "x${request_systemd}" != "xno"; then
  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 209], [have_libsystemd=yes],
                    [have_libsystemd=no])
  if test "x${have_libsystemd}" = "xyes"; then
    AC_DEFINE([HAVE_LIBSYSTEMD], [1],
              [Define to 1 if you have `libsystemd` library.])
  else
    AC_MSG_NOTICE($SYSTEMD_PKG_ERRORS)
  fi
 fi
 if test "x${request_systemd}" = "xyes" &&
   test "x${have_libsystemd}" != "xyes"; then
  AC_MSG_ERROR([systemd was requested (--with-systemd) but not found])
 fi
 # libxml2 (for src/nghttp)
-PKG_CHECK_MODULES([LIBXML2], [libxml-2.0 >= 2.7.7],
+have_libxml2=no
-                  [have_libxml2=yes], [have_libxml2=no])
+if test "x${request_libxml2}" != "xno"; then
-if test "x${have_libxml2}" = "xyes"; then
+  m4_ifdef([AM_PATH_XML2],
-  AC_DEFINE([HAVE_LIBXML2], [1], [Define to 1 if you have `libxml2` library.])
+    [AM_PATH_XML2(2.7.7, [have_libxml2=yes], [have_libxml2=no])],
-else
+    [AC_MSG_WARN([configure was created without libxml2 detection macro; libxml2 detection is disabled])])
-  AC_MSG_NOTICE($LIBXML2_PKG_ERRORS)
+
  if test "x${have_libxml2}" = "xyes"; then
    AC_DEFINE([HAVE_LIBXML2], [1], [Define to 1 if you have `libxml2` library.])
  fi
 fi
 if test "x${request_libxml2}" = "xyes" &&
@@ -497,14 +479,13 @@ if test "x${request_asio_lib}" = "xyes"; then
  fi
 fi
-# The nghttp, nghttpd and nghttpx under src depend on zlib, OpenSSL,
+# The nghttp, nghttpd and nghttpx under src depend on zlib, OpenSSL
-# libev, and libc-ares.
+# and libev
 enable_app=no
 if test "x${request_app}" != "xno" &&
   test "x${have_zlib}" = "xyes" &&
   test "x${have_openssl}" = "xyes" &&
-   test "x${have_libev}" = "xyes" &&
+   test "x${have_libev}" = "xyes"; then
   test "x${have_libcares}" = "xyes"; then
  enable_app=yes
 fi
@@ -659,26 +640,6 @@ AC_SYS_LARGEFILE
 AC_CHECK_MEMBER([struct tm.tm_gmtoff], [have_struct_tm_tm_gmtoff=yes],
                [have_struct_tm_tm_gmtoff=no], [[#include <time.h>]])
 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
                [AC_DEFINE([HAVE_SOCKADDR_IN_SIN_LEN],[1],
                  [Define to 1 if struct sockaddr_in has sin_len member.])],
                [],
                [[
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 ]])
 AC_CHECK_MEMBER([struct sockaddr_in6.sin6_len],
                [AC_DEFINE([HAVE_SOCKADDR_IN6_SIN6_LEN],[1],
                  [Define to 1 if struct sockaddr_in6 has sin6_len member.])],
                [],
                [[
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 ]])
 if test "x$have_struct_tm_tm_gmtoff" = "xyes"; then
  AC_DEFINE([HAVE_STRUCT_TM_TM_GMTOFF], [1],
            [Define to 1 if you have `struct tm.tm_gmtoff` member.])
@@ -740,6 +701,13 @@ AC_CHECK_DECLS([initgroups], [], [], [[
  #include <grp.h>
 ]])
 # Checks for epoll availability, primarily for examples/tiny-nghttpd
 AX_HAVE_EPOLL([have_epoll=yes], [have_epoll=no])
 AM_CONDITIONAL([ENABLE_TINY_NGHTTPD],
               [ test "x${have_epoll}" = "xyes" &&
                 test "x${have_timerfd_create}" = "xyes"])
 save_CFLAGS=$CFLAGS
 save_CXXFLAGS=$CXXFLAGS
@@ -920,15 +888,13 @@ AC_MSG_NOTICE([summary of build options:
      Failmalloc:     ${enable_failmalloc}
    Libs:
      OpenSSL:        ${have_openssl} (CFLAGS='${OPENSSL_CFLAGS}' LIBS='${OPENSSL_LIBS}')
-      Libxml2:        ${have_libxml2} (CFLAGS='${LIBXML2_CPPFLAGS}' LIBS='${LIBXML2_LIBS}')
+      Libxml2:        ${have_libxml2} (CFLAGS='${XML_CPPFLAGS}' LIBS='${XML_LIBS}')
      Libev:          ${have_libev} (CFLAGS='${LIBEV_CFLAGS}' LIBS='${LIBEV_LIBS}')
      Libc-ares       ${have_libcares} (CFLAGS='${LIBCARES_CFLAGS}' LIBS='${LIBCARES_LIBS}')
      Libevent(SSL):  ${have_libevent_openssl} (CFLAGS='${LIBEVENT_OPENSSL_CFLAGS}' LIBS='${LIBEVENT_OPENSSL_LIBS}')
      Spdylay:        ${have_spdylay} (CFLAGS='${LIBSPDYLAY_CFLAGS}' LIBS='${LIBSPDYLAY_LIBS}')
      Jansson:        ${have_jansson} (CFLAGS='${JANSSON_CFLAGS}' LIBS='${JANSSON_LIBS}')
      Jemalloc:       ${have_jemalloc} (LIBS='${JEMALLOC_LIBS}')
      Zlib:           ${have_zlib} (CFLAGS='${ZLIB_CFLAGS}' LIBS='${ZLIB_LIBS}')
      Systemd:        ${have_libsystemd} (CFLAGS='${SYSTEMD_CFLAGS}' LIBS='${SYSTEMD_LIBS}')
      Boost CPPFLAGS: ${BOOST_CPPFLAGS}
      Boost LDFLAGS:  ${BOOST_LDFLAGS}
      Boost::ASIO:    ${BOOST_ASIO_LIB}
--- a/contrib/nghttpx.service.in
+++ b/contrib/nghttpx.service.in
@@ -1,17 +1,10 @@
 [Unit]
 Description=HTTP/2 proxy
 Documentation=man:nghttpx
 After=network.target
 [Service]
-Type=notify
+Type=forking
-ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf
+ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf --pid-file=/run/nghttpx.pid --daemon
 ExecReload=/bin/kill --signal HUP $MAINPID
 KillSignal=SIGQUIT
 PrivateTmp=yes
 ProtectHome=yes
 ProtectSystem=full
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -62,7 +62,6 @@ APIDOCS= \
 	nghttp2_option_set_max_send_header_block_length.rst \
 	nghttp2_option_set_no_auto_ping_ack.rst \
 	nghttp2_option_set_no_auto_window_update.rst \
 	nghttp2_option_set_no_closed_streams.rst \
 	nghttp2_option_set_no_http_messaging.rst \
 	nghttp2_option_set_no_recv_client_magic.rst \
 	nghttp2_option_set_peer_max_concurrent_streams.rst \
@@ -267,7 +266,7 @@ apiref.rst: \
 $(APIDOCS): apiref.rst
 clean-local:
-	[ $(srcdir) = $(builddir) ] || for i in $(RST_FILES); do [ -e $(builddir)/$$i ] && rm -f $(builddir)/$$i; done
+	[ $(srcdir) = $(builddir) ] || for i in $(RST_FILES); do [ -e $(builddir)/$$i ] && rm $(builddir)/$$i; done
 	-rm -f apiref.rst
 	-rm -f $(APIDOCS)
 	-rm -rf $(BUILDDIR)/*
--- a/doc/bash_completion/nghttpx
+++ b/doc/bash_completion/nghttpx
@@ -8,7 +8,7 @@ _nghttpx()
    _get_comp_words_by_ref cur prev
    case $cur in
        -*)
-            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --frontend-keep-alive-timeout --backend-request-buffer --max-request-header-fields --fastopen --backend-connect-timeout --tls-max-proto-version --conf --dns-lookup-timeout --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --dns-max-try --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --client-no-http2-cipher-black-list --stream-read-timeout --client-ciphers --forwarded-for --accesslog-syslog --dns-cache-timeout --frontend-http2-read-timeout --listener-disable-timeout --ciphers --client-psk-secrets --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --frontend-max-requests --rlimit-nofile --tls-ticket-key-memcached-cert-file --ocsp-update-interval --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --redirect-https-port --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --psk-secrets --frontend-write-timeout --tls-ticket-key-cipher --read-burst --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --no-server-push --no-location-rewrite --single-thread --tls-session-cache-memcached --no-ocsp --backend-response-buffer --tls-min-proto-version --workers --add-forwarded --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --add-x-forwarded-for --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --accesslog-write-early --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --client-cert-file --tls-ticket-key-memcached --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --frontend-http2-encoder-dynamic-table-size --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --backend-request-buffer --max-request-header-fields --fastopen --tls-ticket-key-memcached --conf --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --stream-read-timeout --backend-connect-timeout --forwarded-for --accesslog-syslog --frontend-http2-read-timeout --listener-disable-timeout --ciphers --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --rlimit-nofile --tls-ticket-key-memcached-cert-file --ocsp-update-interval --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --frontend-write-timeout --tls-ticket-key-cipher --read-burst --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-proto-list --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --no-server-push --no-location-rewrite --tls-session-cache-memcached --no-ocsp --frontend-http2-encoder-dynamic-table-size --workers --add-forwarded --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --add-x-forwarded-for --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --client-cert-file --accept-proxy-protocol --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --backend-response-buffer --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
            ;;
        *)
            _filedir
--- a/doc/h2load.1
+++ b/doc/h2load.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "Apr 09, 2017" "1.21.1" "nghttp2"
+.TH "H2LOAD" "1" "Nov 13, 2016" "1.16.1" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
@@ -123,15 +123,13 @@ Add/Override a header to the requests.
 .B \-\-ciphers=<SUITE>
 Set allowed  cipher list.  The  format of the  string is
 described in OpenSSL ciphers(1).
 .sp
 Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-p, \-\-no\-tls\-proto=<PROTOID>
 Specify ALPN identifier of the  protocol to be used when
 accessing http URI without SSL/TLS.
-Available protocols: h2c and
+Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
 http/1.1
 .sp
 Default: \fBh2c\fP
@@ -233,7 +231,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,spdy/3,spdy/2,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
--- a/doc/h2load.1.rst
+++ b/doc/h2load.1.rst
@@ -96,13 +96,11 @@ OPTIONS
    Set allowed  cipher list.  The  format of the  string is
    described in OpenSSL ciphers(1).
    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
 .. option:: -p, --no-tls-proto=<PROTOID>
    Specify ALPN identifier of the  protocol to be used when
    accessing http URI without SSL/TLS.
-    Available protocols: h2c and
+    Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
    http/1.1
    Default: ``h2c``
@@ -196,7 +194,7 @@ OPTIONS
    only  and any  white spaces  are  treated as  a part  of
    protocol string.
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,spdy/3,spdy/2,http/1.1``
 .. option:: --h1
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "Apr 09, 2017" "1.21.1" "nghttp2"
+.TH "NGHTTP" "1" "Nov 13, 2016" "1.16.1" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "Apr 09, 2017" "1.21.1" "nghttp2"
+.TH "NGHTTPD" "1" "Nov 13, 2016" "1.16.1" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "Apr 09, 2017" "1.21.1" "nghttp2"
+.TH "NGHTTPX" "1" "Nov 13, 2016" "1.16.1" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@@ -62,7 +62,8 @@ domain socket  can be  specified by prefixing  path name
 with "unix:" (e.g., unix:/var/run/backend.sock).
 .sp
 Optionally, if <PATTERN>s are given, the backend address
-is  only  used  if  request matches  the  pattern.   The
+is  only  used  if  request  matches  the  pattern.   If
 \fI\%\-\-http2\-proxy\fP  is  used,  <PATTERN>s are  ignored.   The
 pattern  matching is  closely  designed  to ServeMux  in
 net/http package of  Go programming language.  <PATTERN>
 consists of  path, host +  path or just host.   The path
@@ -77,10 +78,7 @@ If host  is given, it  performs exact match  against the
 request host.  If  host alone is given,  "\fI/\fP" is appended
 to it,  so that it  matches all request paths  under the
 host   (e.g.,   specifying   "nghttp2.org"   equals   to
-"nghttp2.org/").  CONNECT  method is  treated specially.
+"nghttp2.org/").
 It does  not have path,  and we don\(aqt allow  empty path.
 To workaround  this, we  assume that CONNECT  method has
 "\fI/\fP" as path.
 .sp
 Patterns with  host take  precedence over  patterns with
 just path.   Then, longer patterns take  precedence over
@@ -122,13 +120,13 @@ together forming  load balancing  group.
 Several parameters <PARAM> are accepted after <PATTERN>.
 The  parameters are  delimited  by  ";".  The  available
 parameters       are:      "proto=<PROTO>",       "tls",
-"sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
+"sni=<SNI_HOST>",     "fall=<N>",    "rise=<N>",     and
-"affinity=<METHOD>",  "dns", and  "redirect\-if\-not\-tls".
+"affinity=<METHOD>".  The parameter consists of keyword,
-The  parameter  consists   of  keyword,  and  optionally
+and optionally followed by  "=" and value.  For example,
-followed by  "=" and value.  For  example, the parameter
+the parameter "proto=h2" consists of the keyword "proto"
-"proto=h2"  consists of  the keyword  "proto" and  value
+and  value "h2".   The parameter  "tls" consists  of the
-"h2".  The parameter "tls" consists of the keyword "tls"
+keyword   "tls"  without   value.   Each   parameter  is
-without value.  Each parameter is described as follows.
+described as follows.
 .sp
 The backend application protocol  can be specified using
 optional  "proto"   parameter,  and   in  the   form  of
@@ -177,27 +175,6 @@ session affinity  is desired.  The session  affinity may
 break if one of the backend gets unreachable, or backend
 settings are reloaded or replaced by API.
 .sp
 By default, name resolution of backend host name is done
 at  start  up,  or reloading  configuration.   If  "dns"
 parameter   is  given,   name  resolution   takes  place
 dynamically.  This is useful  if backend address changes
 frequently.   If  "dns"  is given,  name  resolution  of
 backend   host   name   at  start   up,   or   reloading
 configuration is skipped.
 .sp
 If "redirect\-if\-not\-tls" parameter  is used, the matched
 backend  requires   that  frontend  connection   is  TLS
 encrypted.  If it isn\(aqt, nghttpx responds to the request
 with 308  status code, and  https URI the  client should
 use instead  is included in Location  header field.  The
 port number in  redirect URI is 443 by  default, and can
 be  changed using  \fI\%\-\-redirect\-https\-port\fP option.   If at
 least one  backend has  "redirect\-if\-not\-tls" parameter,
 this feature is enabled  for all backend servers sharing
 the   same   <PATTERN>.    It    is   advised   to   set
 "redirect\-if\-no\-tls"    parameter   to    all   backends
 explicitly if this feature is desired.
 .sp
 Since ";" and ":" are  used as delimiter, <PATTERN> must
 not  contain these  characters.  Since  ";" has  special
 meaning in shell, the option value must be quoted.
@@ -233,10 +210,6 @@ specify  "healthmon"  parameter.   This is  disabled  by
 default.  Any  requests which come through  this address
 are replied with 200 HTTP status, without no body.
 .sp
 To  accept   PROXY  protocol   version  1   on  frontend
 connection,  specify  "proxyproto" parameter.   This  is
 disabled by default.
 .sp
 Default: \fB*,3000\fP
 .UNINDENT
 .INDENT 0.0
@@ -244,7 +217,7 @@ Default: \fB*,3000\fP
 .B \-\-backlog=<N>
 Set listen backlog size.
 .sp
-Default: \fB65536\fP
+Default: \fB512\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -272,6 +245,11 @@ timeouts when connecting and  making CONNECT request can
 be     specified    by     \fI\%\-\-backend\-read\-timeout\fP    and
 \fI\%\-\-backend\-write\-timeout\fP options.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-accept\-proxy\-protocol
 Accept PROXY protocol version 1 on frontend connection.
 .UNINDENT
 .SS Performance
 .INDENT 0.0
 .TP
@@ -282,15 +260,6 @@ Default: \fB1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-single\-thread
 Run everything in one  thread inside the worker process.
 This   feature   is   provided  for   better   debugging
 experience,  or  for  the platforms  which  lack  thread
 support.   If  threading  is disabled,  this  option  is
 always enabled.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-read\-rate=<SIZE>
 Set maximum  average read  rate on  frontend connection.
 Setting 0 to this option means read rate is unlimited.
@@ -457,14 +426,6 @@ Default: \fB30s\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-frontend\-keep\-alive\-timeout=<DURATION>
 Specify   keep\-alive   timeout   for   frontend   HTTP/1
 connection.
 .sp
 Default: \fB1m\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-stream\-read\-timeout=<DURATION>
 Specify  read timeout  for HTTP/2  and SPDY  streams.  0
 means no timeout.
@@ -477,7 +438,7 @@ Default: \fB0\fP
 Specify write  timeout for  HTTP/2 and SPDY  streams.  0
 means no timeout.
 .sp
-Default: \fB1m\fP
+Default: \fB0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -504,8 +465,7 @@ Default: \fB30s\fP
 .INDENT 0.0
 .TP
 .B \-\-backend\-keep\-alive\-timeout=<DURATION>
-Specify   keep\-alive   timeout    for   backend   HTTP/1
+Specify keep\-alive timeout for backend connection.
 connection.
 .sp
 Default: \fB2s\fP
 .UNINDENT
@@ -552,18 +512,8 @@ Default: \fB2m\fP
 .INDENT 0.0
 .TP
 .B \-\-ciphers=<SUITE>
-Set allowed  cipher list  for frontend  connection.  The
+Set allowed  cipher list.  The  format of the  string is
-format of the string is described in OpenSSL ciphers(1).
+described in OpenSSL ciphers(1).
 .sp
 Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-client\-ciphers=<SUITE>
 Set  allowed cipher  list for  backend connection.   The
 format of the string is described in OpenSSL ciphers(1).
 .sp
 Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -603,14 +553,9 @@ password protected it\(aqll be requested interactively.
 .B \-\-subcert=<KEYPATH>:<CERTPATH>[[;<PARAM>]...]
 Specify  additional certificate  and  private key  file.
 nghttpx will  choose certificates based on  the hostname
-indicated by client using TLS SNI extension.  If nghttpx
+indicated  by  client  using TLS  SNI  extension.   This
-is  built with  OpenSSL >=  1.0.2, signature  algorithms
+option  can  be  used  multiple  times.   To  make  OCSP
-(e.g., ECDSA+SHA256, RSA+SHA256) presented by client are
+stapling work, <CERTPATH> must be absolute path.
 also taken  into consideration.  This allows  nghttpx to
 send ECDSA certificate to  modern clients, while sending
 RSA based certificate to older clients.  This option can
 be  used multiple  times.  To  make OCSP  stapling work,
 <CERTPATH> must be absolute path.
 .sp
 Additional parameter  can be specified in  <PARAM>.  The
 available <PARAM> is "sct\-dir=<DIR>".
@@ -638,7 +583,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -666,29 +611,18 @@ backend client authentication.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-min\-proto\-version=<VER>
+.B \-\-tls\-proto\-list=<LIST>
-Specify minimum SSL/TLS protocol.   The name matching is
+Comma delimited list of  SSL/TLS protocol to be enabled.
-done in  case\-insensitive manner.  The  versions between
+The following protocols  are available: TLSv1.2, TLSv1.1
-\fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
+and   TLSv1.0.    The   name   matching   is   done   in
-enabled.  If the protocol list advertised by client does
+case\-insensitive   manner.    The  parameter   must   be
-not  overlap  this range,  you  will  receive the  error
+delimited by  a single comma  only and any  white spaces
-message "unknown protocol".  The available versions are:
+are  treated  as a  part  of  protocol string.   If  the
-TLSv1.2, TLSv1.1, and TLSv1.0
+protocol list advertised by client does not overlap this
 list,  you  will  receive  the  error  message  "unknown
 protocol".
 .sp
-Default: \fBTLSv1.1\fP
+Default: \fBTLSv1.2,TLSv1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-tls\-max\-proto\-version=<VER>
 Specify maximum SSL/TLS protocol.   The name matching is
 done in  case\-insensitive manner.  The  versions between
 \fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
 enabled.  If the protocol list advertised by client does
 not  overlap  this range,  you  will  receive the  error
 message "unknown protocol".  The available versions are:
 TLSv1.2, TLSv1.1, and TLSv1.0
 .sp
 Default: \fBTLSv1.2\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -869,18 +803,9 @@ Default: \fB1s\fP
 .INDENT 0.0
 .TP
 .B \-\-no\-http2\-cipher\-black\-list
-Allow  black  listed  cipher suite  on  frontend  HTTP/2
+Allow black  listed cipher  suite on  HTTP/2 connection.
-connection.                                          See
+See  \fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP  for
-\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP  for  the
+the complete HTTP/2 cipher suites black list.
 complete HTTP/2 cipher suites black list.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-client\-no\-http2\-cipher\-black\-list
 Allow  black  listed  cipher  suite  on  backend  HTTP/2
 connection.                                          See
 \fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP  for  the
 complete HTTP/2 cipher suites black list.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -894,39 +819,6 @@ argument <CERT>, or  certificate option in configuration
 file.   For   additional  certificates,   use  \fI\%\-\-subcert\fP
 option.  This option requires OpenSSL >= 1.0.2.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-psk\-secrets=<PATH>
 Read list of PSK identity and secrets from <PATH>.  This
 is used for frontend connection.  The each line of input
 file  is  formatted  as  <identity>:<hex\-secret>,  where
 <identity> is  PSK identity, and <hex\-secret>  is secret
 in hex.  An  empty line, and line which  starts with \(aq#\(aq
 are skipped.  The default  enabled cipher list might not
 contain any PSK cipher suite.  In that case, desired PSK
 cipher suites  must be  enabled using  \fI\%\-\-ciphers\fP option.
 The  desired PSK  cipher suite  may be  black listed  by
 HTTP/2.   To  use  those   cipher  suites  with  HTTP/2,
 consider  to  use  \fI\%\-\-no\-http2\-cipher\-black\-list\fP  option.
 But be aware its implications.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-client\-psk\-secrets=<PATH>
 Read PSK identity and secrets from <PATH>.  This is used
 for backend connection.  The each  line of input file is
 formatted  as <identity>:<hex\-secret>,  where <identity>
 is PSK identity, and <hex\-secret>  is secret in hex.  An
 empty line, and line which  starts with \(aq#\(aq are skipped.
 The first identity and  secret pair encountered is used.
 The default  enabled cipher  list might not  contain any
 PSK  cipher suite.   In  that case,  desired PSK  cipher
 suites  must be  enabled using  \fI\%\-\-client\-ciphers\fP option.
 The  desired PSK  cipher suite  may be  black listed  by
 HTTP/2.   To  use  those   cipher  suites  with  HTTP/2,
 consider   to  use   \fI\%\-\-client\-no\-http2\-cipher\-black\-list\fP
 option.  But be aware its implications.
 .UNINDENT
 .SS HTTP/2 and SPDY
 .INDENT 0.0
 .TP
@@ -1165,13 +1057,6 @@ Default: \fB$remote_addr \- \- [$time_local] "$request" $status $body_bytes_sent
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-accesslog\-write\-early
 Write  access  log  when   response  header  fields  are
 received   from  backend   rather   than  when   request
 transaction finishes.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-errorlog\-file=<PATH>
 Set path to write error  log.  To reopen file, send USR1
 signal  to nghttpx.   stderr will  be redirected  to the
@@ -1353,7 +1238,7 @@ backend server, the custom error pages are not used.
 .B \-\-server\-name=<NAME>
 Change server response header field value to <NAME>.
 .sp
-Default: \fBnghttpx\fP
+Default: \fBnghttpx nghttp2/1.16.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1362,15 +1247,6 @@ Don\(aqt rewrite server header field in default mode.  When
 \fI\%\-\-http2\-proxy\fP is used, these headers will not be altered
 regardless of this option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-redirect\-https\-port=<PORT>
 Specify the port number which appears in Location header
 field  when  redirect  to  HTTPS  URI  is  made  due  to
 "redirect\-if\-not\-tls" parameter in \fI\%\-\-backend\fP option.
 .sp
 Default: \fB443\fP
 .UNINDENT
 .SS API
 .INDENT 0.0
 .TP
@@ -1379,43 +1255,6 @@ Set the maximum size of request body for API request.
 .sp
 Default: \fB16K\fP
 .UNINDENT
 .SS DNS
 .INDENT 0.0
 .TP
 .B \-\-dns\-cache\-timeout=<DURATION>
 Set duration that cached DNS results remain valid.  Note
 that nghttpx caches the unsuccessful results as well.
 .sp
 Default: \fB10s\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-dns\-lookup\-timeout=<DURATION>
 Set timeout that  DNS server is given to  respond to the
 initial  DNS  query.  For  the  2nd  and later  queries,
 server is  given time based  on this timeout, and  it is
 scaled linearly.
 .sp
 Default: \fB5s\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-dns\-max\-try=<N>
 Set the number of DNS query before nghttpx gives up name
 lookup.
 .sp
 Default: \fB2\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-frontend\-max\-requests=<N>
 The number  of requests that single  frontend connection
 can process.  For HTTP/2, this  is the number of streams
 in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
 number of keep alive requests.  This is hint to nghttpx,
 and it  may allow additional few  requests.  The default
 value is unlimited.
 .UNINDENT
 .SS Debug
 .INDENT 0.0
 .TP
@@ -1554,35 +1393,6 @@ positional arguments in command\-line, use \fBprivate\-key\-file\fP and
 .sp
 \fI\%\-\-conf\fP option cannot be used in the configuration file and
 will be ignored if specified.
 .TP
 .B Error log
 Error log is written to stderr by default.  It can be configured
 using \fI\%\-\-errorlog\-file\fP\&.  The format of log message is as
 follows:
 .sp
 <datetime> <master\-pid> <current\-pid> <thread\-id> <level> (<filename>:<line>) <msg>
 .INDENT 7.0
 .TP
 .B <datetime>
 It is a conbination of date and time when the log is written.  It
 is in ISO 8601 format.
 .TP
 .B <master\-pid>
 It is a master process ID.
 .TP
 .B <current\-pid>
 It is a process ID which writes this log.
 .TP
 .B <thread\-id>
 It is a thread ID which writes this log.  It would be unique
 within <current\-pid>.
 .TP
 .B <filename> and <line>
 They are source file name, and line number which produce this log.
 .TP
 .B <msg>
 It is a log message body.
 .UNINDENT
 .UNINDENT
 .SH SIGNALS
 .INDENT 0.0
@@ -1597,23 +1407,16 @@ Reload configuration file given in \fI\%\-\-conf\fP\&.
 .TP
 .B SIGUSR1
 Reopen log files.
-.UNINDENT
+.TP
-.sp
+.B SIGUSR2
 SIGUSR2
 .INDENT 0.0
 .INDENT 3.5
 Fork and execute nghttpx.  It will execute the binary in the same
-path with same command\-line arguments and environment variables.  As
+path with same command\-line arguments and environment variables.
-of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+After new process comes up, sending SIGQUIT to the original process
-the original master process when it is ready to serve requests.  For
+to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-the earlier versions of nghttpx, user has to send SIGQUIT to the
+and SIGHUP is that former is usually used to execute new binary, and
-original master process.
+the master process is newly spawned.  On the other hand, the latter
-.sp
+just reloads configuration file, and the same master process
-The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+continues to exist.
 is usually used to execute new binary, and the master process is
 newly spawned.  On the other hand, the latter just reloads
 configuration file, and the same master process continues to exist.
 .UNINDENT
 .UNINDENT
 .sp
 \fBNOTE:\fP
@@ -2034,19 +1837,6 @@ completely custom header fields, first call
 existing header fields, and then add required header fields.
 It is an error to call this method twice for a given request.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B send_info(status, headers)
 Send non\-final (informational) response to a client.  \fIstatus\fP
 must be in the range [100, 199], inclusive.  \fIheaders\fP is a
 hash containing response header fields.  Its key must be a
 string, and the associated value must be either string or
 array of strings.  Since this is not a final response, even if
 this method is invoked, request is still forwarded to a
 backend unless \fI\%Nghttpx::Response#return\fP is called.
 This method can be called multiple times.  It cannot be called
 after \fI\%Nghttpx::Response#return\fP is called.
 .UNINDENT
 .UNINDENT
 .SS MRUBY EXAMPLES
 .sp
@@ -2122,18 +1912,15 @@ The request was failed.  No change has been made.
 HTTP status code
 .UNINDENT
 .sp
 Additionally, depending on the API endpoint, \fBdata\fP key may be
 present, and its value contains the API endpoint specific data.
 .sp
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 .sp
 The following section describes available API endpoints.
-.SS POST /api/v1beta1/backendconfig
+.SS PUT /api/v1beta1/backendconfig
 .sp
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see \fI\%FILES\fP section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -2149,27 +1936,9 @@ connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
 .sp
 The one limitation is that only numeric IP address is allowd in
-\fI\%backend\fP in request body unless "dns" parameter
+\fI\%backend\fP in request body while non numeric
-is used while non numeric hostname is allowed in command\-line or
+hostname is allowed in command\-line or configuration file is read
-configuration file is read using \fI\%\-\-conf\fP\&.
+using \fI\%\-\-conf\fP\&.
 .SS GET /api/v1beta1/configrevision
 .sp
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep\-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 .sp
 This API returns response including \fBdata\fP key.  Its value is JSON
 object, and it contains at least the following key:
 .INDENT 0.0
 .TP
 .B configRevision
 The configuration revision of the current nghttpx
 .UNINDENT
 .SH SEE ALSO
 .sp
 \fBnghttp(1)\fP, \fBnghttpd(1)\fP, \fBh2load(1)\fP
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@@ -46,7 +46,8 @@ Connections
    with "unix:" (e.g., unix:/var/run/backend.sock).
    Optionally, if <PATTERN>s are given, the backend address
-    is  only  used  if  request matches  the  pattern.   The
+    is  only  used  if  request  matches  the  pattern.   If
    :option:`--http2-proxy`  is  used,  <PATTERN>s are  ignored.   The
    pattern  matching is  closely  designed  to ServeMux  in
    net/http package of  Go programming language.  <PATTERN>
    consists of  path, host +  path or just host.   The path
@@ -61,10 +62,7 @@ Connections
    request host.  If  host alone is given,  "*/*" is appended
    to it,  so that it  matches all request paths  under the
    host   (e.g.,   specifying   "nghttp2.org"   equals   to
-    "nghttp2.org/").  CONNECT  method is  treated specially.
+    "nghttp2.org/").
    It does  not have path,  and we don't allow  empty path.
    To workaround  this, we  assume that CONNECT  method has
    "*/*" as path.
    Patterns with  host take  precedence over  patterns with
    just path.   Then, longer patterns take  precedence over
@@ -106,13 +104,13 @@ Connections
    Several parameters <PARAM> are accepted after <PATTERN>.
    The  parameters are  delimited  by  ";".  The  available
    parameters       are:      "proto=<PROTO>",       "tls",
-    "sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
+    "sni=<SNI_HOST>",     "fall=<N>",    "rise=<N>",     and
-    "affinity=<METHOD>",  "dns", and  "redirect-if-not-tls".
+    "affinity=<METHOD>".  The parameter consists of keyword,
-    The  parameter  consists   of  keyword,  and  optionally
+    and optionally followed by  "=" and value.  For example,
-    followed by  "=" and value.  For  example, the parameter
+    the parameter "proto=h2" consists of the keyword "proto"
-    "proto=h2"  consists of  the keyword  "proto" and  value
+    and  value "h2".   The parameter  "tls" consists  of the
-    "h2".  The parameter "tls" consists of the keyword "tls"
+    keyword   "tls"  without   value.   Each   parameter  is
-    without value.  Each parameter is described as follows.
+    described as follows.
    The backend application protocol  can be specified using
    optional  "proto"   parameter,  and   in  the   form  of
@@ -161,27 +159,6 @@ Connections
    break if one of the backend gets unreachable, or backend
    settings are reloaded or replaced by API.
    By default, name resolution of backend host name is done
    at  start  up,  or reloading  configuration.   If  "dns"
    parameter   is  given,   name  resolution   takes  place
    dynamically.  This is useful  if backend address changes
    frequently.   If  "dns"  is given,  name  resolution  of
    backend   host   name   at  start   up,   or   reloading
    configuration is skipped.
    If "redirect-if-not-tls" parameter  is used, the matched
    backend  requires   that  frontend  connection   is  TLS
    encrypted.  If it isn't, nghttpx responds to the request
    with 308  status code, and  https URI the  client should
    use instead  is included in Location  header field.  The
    port number in  redirect URI is 443 by  default, and can
    be  changed using  :option:`--redirect-https-port` option.   If at
    least one  backend has  "redirect-if-not-tls" parameter,
    this feature is enabled  for all backend servers sharing
    the   same   <PATTERN>.    It    is   advised   to   set
    "redirect-if-no-tls"    parameter   to    all   backends
    explicitly if this feature is desired.
    Since ";" and ":" are  used as delimiter, <PATTERN> must
    not  contain these  characters.  Since  ";" has  special
    meaning in shell, the option value must be quoted.
@@ -217,10 +194,6 @@ Connections
    default.  Any  requests which come through  this address
    are replied with 200 HTTP status, without no body.
    To  accept   PROXY  protocol   version  1   on  frontend
    connection,  specify  "proxyproto" parameter.   This  is
    disabled by default.
    Default: ``*,3000``
@@ -228,7 +201,7 @@ Connections
    Set listen backlog size.
-    Default: ``65536``
+    Default: ``512``
 .. option:: --backend-address-family=(auto|IPv4|IPv6)
@@ -254,6 +227,10 @@ Connections
    be     specified    by     :option:`--backend-read-timeout`    and
    :option:`--backend-write-timeout` options.
 .. option:: --accept-proxy-protocol
    Accept PROXY protocol version 1 on frontend connection.
 Performance
 ~~~~~~~~~~~
@@ -264,14 +241,6 @@ Performance
    Default: ``1``
 .. option:: --single-thread
    Run everything in one  thread inside the worker process.
    This   feature   is   provided  for   better   debugging
    experience,  or  for  the platforms  which  lack  thread
    support.   If  threading  is disabled,  this  option  is
    always enabled.
 .. option:: --read-rate=<SIZE>
    Set maximum  average read  rate on  frontend connection.
@@ -422,13 +391,6 @@ Timeout
    Default: ``30s``
 .. option:: --frontend-keep-alive-timeout=<DURATION>
    Specify   keep-alive   timeout   for   frontend   HTTP/1
    connection.
    Default: ``1m``
 .. option:: --stream-read-timeout=<DURATION>
    Specify  read timeout  for HTTP/2  and SPDY  streams.  0
@@ -441,7 +403,7 @@ Timeout
    Specify write  timeout for  HTTP/2 and SPDY  streams.  0
    means no timeout.
-    Default: ``1m``
+    Default: ``0``
 .. option:: --backend-read-timeout=<DURATION>
@@ -464,8 +426,7 @@ Timeout
 .. option:: --backend-keep-alive-timeout=<DURATION>
-    Specify   keep-alive   timeout    for   backend   HTTP/1
+    Specify keep-alive timeout for backend connection.
    connection.
    Default: ``2s``
@@ -510,17 +471,8 @@ SSL/TLS
 .. option:: --ciphers=<SUITE>
-    Set allowed  cipher list  for frontend  connection.  The
+    Set allowed  cipher list.  The  format of the  string is
-    format of the string is described in OpenSSL ciphers(1).
+    described in OpenSSL ciphers(1).
    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
 .. option:: --client-ciphers=<SUITE>
    Set  allowed cipher  list for  backend connection.   The
    format of the string is described in OpenSSL ciphers(1).
    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
 .. option:: --ecdh-curves=<LIST>
@@ -555,14 +507,9 @@ SSL/TLS
    Specify  additional certificate  and  private key  file.
    nghttpx will  choose certificates based on  the hostname
-    indicated by client using TLS SNI extension.  If nghttpx
+    indicated  by  client  using TLS  SNI  extension.   This
-    is  built with  OpenSSL >=  1.0.2, signature  algorithms
+    option  can  be  used  multiple  times.   To  make  OCSP
-    (e.g., ECDSA+SHA256, RSA+SHA256) presented by client are
+    stapling work, <CERTPATH> must be absolute path.
    also taken  into consideration.  This allows  nghttpx to
    send ECDSA certificate to  modern clients, while sending
    RSA based certificate to older clients.  This option can
    be  used multiple  times.  To  make OCSP  stapling work,
    <CERTPATH> must be absolute path.
    Additional parameter  can be specified in  <PARAM>.  The
    available <PARAM> is "sct-dir=<DIR>".
@@ -588,7 +535,7 @@ SSL/TLS
    only  and any  white spaces  are  treated as  a part  of
    protocol string.
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,http/1.1``
 .. option:: --verify-client
@@ -610,29 +557,19 @@ SSL/TLS
    Path to  file that  contains client certificate  used in
    backend client authentication.
-.. option:: --tls-min-proto-version=<VER>
+.. option:: --tls-proto-list=<LIST>
-    Specify minimum SSL/TLS protocol.   The name matching is
+    Comma delimited list of  SSL/TLS protocol to be enabled.
-    done in  case-insensitive manner.  The  versions between
+    The following protocols  are available: TLSv1.2, TLSv1.1
-    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
+    and   TLSv1.0.    The   name   matching   is   done   in
-    enabled.  If the protocol list advertised by client does
+    case-insensitive   manner.    The  parameter   must   be
-    not  overlap  this range,  you  will  receive the  error
+    delimited by  a single comma  only and any  white spaces
-    message "unknown protocol".  The available versions are:
+    are  treated  as a  part  of  protocol string.   If  the
-    TLSv1.2, TLSv1.1, and TLSv1.0
+    protocol list advertised by client does not overlap this
    list,  you  will  receive  the  error  message  "unknown
    protocol".
-    Default: ``TLSv1.1``
+    Default: ``TLSv1.2,TLSv1.1``
 .. option:: --tls-max-proto-version=<VER>
    Specify maximum SSL/TLS protocol.   The name matching is
    done in  case-insensitive manner.  The  versions between
    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
    enabled.  If the protocol list advertised by client does
    not  overlap  this range,  you  will  receive the  error
    message "unknown protocol".  The available versions are:
    TLSv1.2, TLSv1.1, and TLSv1.0
    Default: ``TLSv1.2``
 .. option:: --tls-ticket-key-file=<PATH>
@@ -794,17 +731,9 @@ SSL/TLS
 .. option:: --no-http2-cipher-black-list
-    Allow  black  listed  cipher suite  on  frontend  HTTP/2
+    Allow black  listed cipher  suite on  HTTP/2 connection.
-    connection.                                          See
+    See  https://tools.ietf.org/html/rfc7540#appendix-A  for
-    https://tools.ietf.org/html/rfc7540#appendix-A  for  the
+    the complete HTTP/2 cipher suites black list.
    complete HTTP/2 cipher suites black list.
 .. option:: --client-no-http2-cipher-black-list
    Allow  black  listed  cipher  suite  on  backend  HTTP/2
    connection.                                          See
    https://tools.ietf.org/html/rfc7540#appendix-A  for  the
    complete HTTP/2 cipher suites black list.
 .. option:: --tls-sct-dir=<DIR>
@@ -817,37 +746,6 @@ SSL/TLS
    file.   For   additional  certificates,   use  :option:`--subcert`
    option.  This option requires OpenSSL >= 1.0.2.
 .. option:: --psk-secrets=<PATH>
    Read list of PSK identity and secrets from <PATH>.  This
    is used for frontend connection.  The each line of input
    file  is  formatted  as  <identity>:<hex-secret>,  where
    <identity> is  PSK identity, and <hex-secret>  is secret
    in hex.  An  empty line, and line which  starts with '#'
    are skipped.  The default  enabled cipher list might not
    contain any PSK cipher suite.  In that case, desired PSK
    cipher suites  must be  enabled using  :option:`--ciphers` option.
    The  desired PSK  cipher suite  may be  black listed  by
    HTTP/2.   To  use  those   cipher  suites  with  HTTP/2,
    consider  to  use  :option:`--no-http2-cipher-black-list`  option.
    But be aware its implications.
 .. option:: --client-psk-secrets=<PATH>
    Read PSK identity and secrets from <PATH>.  This is used
    for backend connection.  The each  line of input file is
    formatted  as <identity>:<hex-secret>,  where <identity>
    is PSK identity, and <hex-secret>  is secret in hex.  An
    empty line, and line which  starts with '#' are skipped.
    The first identity and  secret pair encountered is used.
    The default  enabled cipher  list might not  contain any
    PSK  cipher suite.   In  that case,  desired PSK  cipher
    suites  must be  enabled using  :option:`--client-ciphers` option.
    The  desired PSK  cipher suite  may be  black listed  by
    HTTP/2.   To  use  those   cipher  suites  with  HTTP/2,
    consider   to  use   :option:`--client-no-http2-cipher-black-list`
    option.  But be aware its implications.
 HTTP/2 and SPDY
 ~~~~~~~~~~~~~~~
@@ -1055,12 +953,6 @@ Logging
    Default: ``$remote_addr - - [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"``
 .. option:: --accesslog-write-early
    Write  access  log  when   response  header  fields  are
    received   from  backend   rather   than  when   request
    transaction finishes.
 .. option:: --errorlog-file=<PATH>
    Set path to write error  log.  To reopen file, send USR1
@@ -1226,7 +1118,7 @@ HTTP
    Change server response header field value to <NAME>.
-    Default: ``nghttpx``
+    Default: ``nghttpx nghttp2/1.16.1``
 .. option:: --no-server-rewrite
@@ -1234,14 +1126,6 @@ HTTP
    :option:`--http2-proxy` is used, these headers will not be altered
    regardless of this option.
 .. option:: --redirect-https-port=<PORT>
    Specify the port number which appears in Location header
    field  when  redirect  to  HTTPS  URI  is  made  due  to
    "redirect-if-not-tls" parameter in :option:`--backend` option.
    Default: ``443``
 API
 ~~~
@@ -1253,42 +1137,6 @@ API
    Default: ``16K``
 DNS
 ~~~
 .. option:: --dns-cache-timeout=<DURATION>
    Set duration that cached DNS results remain valid.  Note
    that nghttpx caches the unsuccessful results as well.
    Default: ``10s``
 .. option:: --dns-lookup-timeout=<DURATION>
    Set timeout that  DNS server is given to  respond to the
    initial  DNS  query.  For  the  2nd  and later  queries,
    server is  given time based  on this timeout, and  it is
    scaled linearly.
    Default: ``5s``
 .. option:: --dns-max-try=<N>
    Set the number of DNS query before nghttpx gives up name
    lookup.
    Default: ``2``
 .. option:: --frontend-max-requests=<N>
    The number  of requests that single  frontend connection
    can process.  For HTTP/2, this  is the number of streams
    in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
    number of keep alive requests.  This is hint to nghttpx,
    and it  may allow additional few  requests.  The default
    value is unlimited.
 Debug
 ~~~~~
@@ -1418,33 +1266,6 @@ FILES
  :option:`--conf` option cannot be used in the configuration file and
  will be ignored if specified.
 Error log
  Error log is written to stderr by default.  It can be configured
  using :option:`--errorlog-file`.  The format of log message is as
  follows:
  <datetime> <master-pid> <current-pid> <thread-id> <level> (<filename>:<line>) <msg>
  <datetime>
    It is a conbination of date and time when the log is written.  It
    is in ISO 8601 format.
  <master-pid>
    It is a master process ID.
  <current-pid>
    It is a process ID which writes this log.
  <thread-id>
    It is a thread ID which writes this log.  It would be unique
    within <current-pid>.
  <filename> and <line>
    They are source file name, and line number which produce this log.
  <msg>
    It is a log message body.
 SIGNALS
 -------
@@ -1460,18 +1281,14 @@ SIGUSR1
  Reopen log files.
 SIGUSR2
  Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
+  path with same command-line arguments and environment variables.
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+  After new process comes up, sending SIGQUIT to the original process
-  the original master process when it is ready to serve requests.  For
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
+  and SIGHUP is that former is usually used to execute new binary, and
-  original master process.
+  the master process is newly spawned.  On the other hand, the latter
-
+  just reloads configuration file, and the same master process
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+  continues to exist.
  is usually used to execute new binary, and the master process is
  newly spawned.  On the other hand, the latter just reloads
  configuration file, and the same master process continues to exist.
 .. note::
@@ -1863,18 +1680,6 @@ respectively.
        existing header fields, and then add required header fields.
        It is an error to call this method twice for a given request.
    .. rb:method:: send_info(status, headers)
        Send non-final (informational) response to a client.  *status*
        must be in the range [100, 199], inclusive.  *headers* is a
        hash containing response header fields.  Its key must be a
        string, and the associated value must be either string or
        array of strings.  Since this is not a final response, even if
        this method is invoked, request is still forwarded to a
        backend unless :rb:meth:`Nghttpx::Response#return` is called.
        This method can be called multiple times.  It cannot be called
        after :rb:meth:`Nghttpx::Response#return` is called.
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
@@ -1936,20 +1741,17 @@ status
 code
  HTTP status code
 Additionally, depending on the API endpoint, ``data`` key may be
 present, and its value contains the API endpoint specific data.
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 The following section describes available API endpoints.
-POST /api/v1beta1/backendconfig
+PUT /api/v1beta1/backendconfig
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see `FILES`_ section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -1966,28 +1768,9 @@ connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
 The one limitation is that only numeric IP address is allowd in
-:option:`backend <--backend>` in request body unless "dns" parameter
+:option:`backend <--backend>` in request body while non numeric
-is used while non numeric hostname is allowed in command-line or
+hostname is allowed in command-line or configuration file is read
-configuration file is read using :option:`--conf`.
+using :option:`--conf`.
 GET /api/v1beta1/configrevision
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 This API returns response including ``data`` key.  Its value is JSON
 object, and it contains at least the following key:
 configRevision
  The configuration revision of the current nghttpx
 SEE ALSO
 --------
--- a/doc/nghttpx.h2r
+++ b/doc/nghttpx.h2r
@@ -41,33 +41,6 @@ FILES
  :option:`--conf` option cannot be used in the configuration file and
  will be ignored if specified.
 Error log
  Error log is written to stderr by default.  It can be configured
  using :option:`--errorlog-file`.  The format of log message is as
  follows:
  <datetime> <master-pid> <current-pid> <thread-id> <level> (<filename>:<line>) <msg>
  <datetime>
    It is a conbination of date and time when the log is written.  It
    is in ISO 8601 format.
  <master-pid>
    It is a master process ID.
  <current-pid>
    It is a process ID which writes this log.
  <thread-id>
    It is a thread ID which writes this log.  It would be unique
    within <current-pid>.
  <filename> and <line>
    They are source file name, and line number which produce this log.
  <msg>
    It is a log message body.
 SIGNALS
 -------
@@ -83,18 +56,14 @@ SIGUSR1
  Reopen log files.
 SIGUSR2
  Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
+  path with same command-line arguments and environment variables.
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+  After new process comes up, sending SIGQUIT to the original process
-  the original master process when it is ready to serve requests.  For
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
+  and SIGHUP is that former is usually used to execute new binary, and
-  original master process.
+  the master process is newly spawned.  On the other hand, the latter
-
+  just reloads configuration file, and the same master process
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+  continues to exist.
  is usually used to execute new binary, and the master process is
  newly spawned.  On the other hand, the latter just reloads
  configuration file, and the same master process continues to exist.
 .. note::
@@ -486,18 +455,6 @@ respectively.
        existing header fields, and then add required header fields.
        It is an error to call this method twice for a given request.
    .. rb:method:: send_info(status, headers)
        Send non-final (informational) response to a client.  *status*
        must be in the range [100, 199], inclusive.  *headers* is a
        hash containing response header fields.  Its key must be a
        string, and the associated value must be either string or
        array of strings.  Since this is not a final response, even if
        this method is invoked, request is still forwarded to a
        backend unless :rb:meth:`Nghttpx::Response#return` is called.
        This method can be called multiple times.  It cannot be called
        after :rb:meth:`Nghttpx::Response#return` is called.
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
@@ -559,20 +516,17 @@ status
 code
  HTTP status code
 Additionally, depending on the API endpoint, ``data`` key may be
 present, and its value contains the API endpoint specific data.
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 The following section describes available API endpoints.
-POST /api/v1beta1/backendconfig
+PUT /api/v1beta1/backendconfig
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see `FILES`_ section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -589,28 +543,9 @@ connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
 The one limitation is that only numeric IP address is allowd in
-:option:`backend <--backend>` in request body unless "dns" parameter
+:option:`backend <--backend>` in request body while non numeric
-is used while non numeric hostname is allowed in command-line or
+hostname is allowed in command-line or configuration file is read
-configuration file is read using :option:`--conf`.
+using :option:`--conf`.
 GET /api/v1beta1/configrevision
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 This API returns response including ``data`` key.  Its value is JSON
 object, and it contains at least the following key:
 configRevision
  The configuration revision of the current nghttpx
 SEE ALSO
 --------
--- a/doc/programmers-guide.rst
+++ b/doc/programmers-guide.rst
@@ -173,11 +173,6 @@ parsed as 64 bit signed integer.  The sum of data length in the
 following DATA frames must match with the number in "Content-Length"
 header field if it is present (this does not include padding bytes).
 RFC 7230 says that server must not send "Content-Length" in any
 response with 1xx, and 204 status code.  It also says that
 "Content-Length" is not allowed in any response with 200 status code
 to a CONNECT request.  nghttp2 enforces them as well.
 Any deviation results in stream error of type PROTOCOL_ERROR.  If
 error is found in PUSH_PROMISE frame, stream error is raised against
 promised stream.
--- a/doc/sources/building-android-binary.rst
+++ b/doc/sources/building-android-binary.rst
@@ -22,22 +22,24 @@ unpacked:
 .. code-block:: text
    $ build/tools/make_standalone_toolchain.py \
-      --arch arm --api 16 --stl gnustl \
+      --arch arm --api 16 --stl gnustl
      --install-dir $ANDROID_HOME/toolchain
 The API level (``--api``) is not important here because we don't use
 Android specific C/C++ API.
-The dependent libraries, such as OpenSSL, libev, and c-ares should be
+The dependent libraries, such as OpenSSL and libev should be built
-built with the toolchain and installed under
+with the toolchain and installed under ``$ANDROID_HOME/usr/local``.
-``$ANDROID_HOME/usr/local``.  We recommend to build these libraries as
+We recommend to build these libraries as static library to make the
-static library to make the deployment easier.  libxml2 support is
+deployment easier.  libxml2 support is currently disabled.
 currently disabled.
 Although zlib comes with Android NDK, it seems not to be a part of
 public API, so we have to built it for our own.  That also provides us
 proper .pc file as a bonus.
 If SPDY support is required for nghttpx and h2load, build and install
 spdylay as well.
 Before running ``android-config`` and ``android-make``,
 ``ANDROID_HOME`` environment variable must be set to point to the
 correct path.  Also add ``$ANDROID_HOME/toolchain/bin`` to ``PATH``:
@@ -94,26 +96,6 @@ patch, to configure libev, use the following script:
 And run ``make install`` to build and install.
 To configure c-ares, use the following script:
 .. code-block:: sh
    #!/bin/sh -e
    if [ -z "$ANDROID_HOME" ]; then
        echo 'No $ANDROID_HOME specified.'
        exit 1
    fi
    PREFIX=$ANDROID_HOME/usr/local
    TOOLCHAIN=$ANDROID_HOME/toolchain
    PATH=$TOOLCHAIN/bin:$PATH
    ./configure \
        --host=arm-linux-androideabi \
        --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
        --prefix=$PREFIX \
        --disable-shared
 To configure zlib, use the following script:
 .. code-block:: sh
@@ -143,6 +125,34 @@ To configure zlib, use the following script:
 And run ``make install`` to build and install.
 To configure spdylay, use the following script:
 .. code-block:: sh
    #!/bin/sh -e
    if [ -z "$ANDROID_HOME" ]; then
        echo 'No $ANDROID_HOME specified.'
        exit 1
    fi
    PREFIX=$ANDROID_HOME/usr/local
    TOOLCHAIN=$ANDROID_HOME/toolchain
    PATH=$TOOLCHAIN/bin:$PATH
    ./configure \
        --disable-shared \
        --host=arm-linux-androideabi \
        --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
        --prefix=$PREFIX \
        --without-libxml2 \
        --disable-src \
        --disable-examples \
        CPPFLAGS="-I$PREFIX/include" \
        PKG_CONFIG_LIBDIR="$PREFIX/lib/pkgconfig" \
        LDFLAGS="-L$PREFIX/lib"
 And run ``make install`` to build and install.
 After prerequisite libraries are prepared, run ``android-config`` and
 then ``android-make`` to compile nghttp2 source files.
--- a/doc/sources/nghttpx-howto.rst
+++ b/doc/sources/nghttpx-howto.rst
@@ -229,18 +229,12 @@ Hot swapping
 nghttpx supports hot swapping using signals.  The hot swapping in
 nghttpx is multi step process.  First send USR2 signal to nghttpx
 process.  It will do fork and execute new executable, using same
-command-line arguments and environment variables.
+command-line arguments and environment variables.  At this point, both
-
+current and new processes can accept requests.  To gracefully shutdown
-As of nghttpx version 1.20.0, that is all you have to do.  The new
+current process, send QUIT signal to current nghttpx process.  When
-master process sends QUIT signal to the original process, when it is
+all existing frontend connections are done, the current process will
-ready to serve requests, to shut it down gracefully.
+exit.  At this point, only new nghttpx process exists and serves
-
+incoming requests.
 For earlier versions of nghttpx, you have to do one more thing.  At
 this point, both current and new processes can accept requests.  To
 gracefully shutdown current process, send QUIT signal to current
 nghttpx process.  When all existing frontend connections are done, the
 current process will exit.  At this point, only new nghttpx process
 exists and serves incoming requests.
 If you want to just reload configuration file without executing new
 binary, send SIGHUP to nghttpx master process.
@@ -349,9 +343,10 @@ requests, do this:
   backend=serv1,3000;/;proto=h2
   backend=serv1,3000;/ws/;proto=http/1.1
-The default backend protocol is HTTP/1.1.
+Note that the backends share the same pattern must have the same
 backend protocol.  The default backend protocol is HTTP/1.1.
-TLS can be enabled per pattern basis:
+TLS can be enabed per pattern basis:
 .. code-block:: text
@@ -361,96 +356,6 @@ TLS can be enabled per pattern basis:
 In the above case, connection to serv1 will be encrypted by TLS.  On
 the other hand, connection to serv2 will not be encrypted by TLS.
 Dynamic hostname lookup
 -----------------------
 By default, nghttpx performs backend hostname lookup at start up, or
 configuration reload, and keeps using them in its entire session.  To
 make nghttpx perform hostname lookup dynamically, use ``dns``
 parameter in :option:`--backend` option, like so:
 .. code-block:: text
   backend=foo.example.com;;dns
 nghttpx will cache resolved addresses for certain period of time.  To
 change this cache period, use :option:`--dns-cache-timeout`.
 Enable PROXY protocol
 ---------------------
 PROXY protocol can be enabled per frontend.  In order to enable PROXY
 protocol, use ``proxyproto`` parameter in :option:`--frontend` option,
 like so:
 .. code-block:: text
   frontend=*,443;proxyproto
 PSK cipher suites
 -----------------
 nghttpx supports pre-shared key (PSK) cipher suites for both frontend
 and backend TLS connections.  For frontend connection, use
 :option:`--psk-secrets` option to specify a file which contains PSK
 identity and secrets.  The format of the file is
 ``<identity>:<hex-secret>``, where ``<identity>`` is PSK identity, and
 ``<hex-secret>`` is PSK secret in hex, like so:
 .. code-block:: text
   client1:9567800e065e078085c241d54a01c6c3f24b3bab71a606600f4c6ad2c134f3b9
   client2:b1376c3f8f6dcf7c886c5bdcceecd1e6f1d708622b6ddd21bda26ebd0c0bca99
 nghttpx server accepts any of the identity and secret pairs in the
 file.  The default cipher suite list does not contain PSK cipher
 suites.  In order to use PSK, PSK cipher suite must be enabled by
 using :option:`--ciphers` option.  The desired PSK cipher suite may be
 listed in `HTTP/2 cipher black list
 <https://tools.ietf.org/html/rfc7540#appendix-A>`_.  In order to use
 such PSK cipher suite with HTTP/2, disable HTTP/2 cipher black list by
 using :option:`--no-http2-cipher-black-list` option.  But you should
 understand its implications.
 At the time of writing, even if only PSK cipher suites are specified
 in :option:`--ciphers` option, certificate and private key are still
 required.
 For backend connection, use :option:`--client-psk-secrets` option to
 specify a file which contains single PSK identity and secret.  The
 format is the same as the file used by :option:`--psk-secrets`
 described above, but only first identity and secret pair is solely
 used, like so:
 .. code-block:: text
   client2:b1376c3f8f6dcf7c886c5bdcceecd1e6f1d708622b6ddd21bda26ebd0c0bca99
 The default cipher suite list does not contain PSK cipher suites.  In
 order to use PSK, PSK cipher suite must be enabled by using
 :option:`--client-ciphers` option.  The desired PSK cipher suite may
 be listed in `HTTP/2 cipher black list
 <https://tools.ietf.org/html/rfc7540#appendix-A>`_.  In order to use
 such PSK cipher suite with HTTP/2, disable HTTP/2 cipher black list by
 using :option:`--client-no-http2-cipher-black-list` option.  But you
 should understand its implications.
 Migration from nghttpx v1.18.x or earlier
 -----------------------------------------
 As of nghttpx v1.19.0, :option:`--ciphers` option only changes cipher
 list for frontend TLS connection.  In order to change cipher list for
 backend connection, use :option:`--client-ciphers` option.
 Similarly, :option:`--no-http2-cipher-black-list` option only disables
 HTTP/2 cipher black list for frontend connection.  In order to disable
 HTTP/2 cipher black list for backend connection, use
 :option:`--client-no-http2-cipher-black-list` option.
 ``--accept-proxy-protocol`` option was deprecated.  Instead, use
 ``proxyproto`` parameter in :option:`--frontend` option to enable
 PROXY protocol support per frontend.
 Migration from nghttpx v1.8.0 or earlier
 ----------------------------------------
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -29,6 +29,10 @@ if(ENABLE_EXAMPLES)
  add_executable(libevent-server  libevent-server.c $<TARGET_OBJECTS:http-parser>)
  add_executable(deflate          deflate.c $<TARGET_OBJECTS:http-parser>)
  if(ENABLE_TINY_NGHTTPD)
    add_executable(tiny-nghttpd tiny-nghttpd.c $<TARGET_OBJECTS:http-parser>)
  endif()
  if(ENABLE_ASIO_LIB)
    foreach(name asio-sv asio-sv2 asio-cl asio-cl2)
      add_executable(${name} ${name}.cc $<TARGET_OBJECTS:http-parser>)
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -51,6 +51,14 @@ libevent_server_SOURCES = libevent-server.c
 deflate_SOURCES = deflate.c
 if ENABLE_TINY_NGHTTPD
 noinst_PROGRAMS += tiny-nghttpd
 tiny_nghttpd_SOURCES = tiny-nghttpd.c
 endif # ENABLE_TINY_NGHTTPD
 if ENABLE_ASIO_LIB
 noinst_PROGRAMS += asio-sv asio-sv2 asio-cl asio-cl2
--- a/examples/client.c
+++ b/examples/client.c
@@ -159,13 +159,10 @@ static void diec(const char *func, int error_code) {
 * bytes actually written. See the documentation of
 * nghttp2_send_callback for the details.
 */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  struct Connection *connection;
  int rv;
  (void)session;
  (void)flags;
  connection = (struct Connection *)user_data;
  connection->want_io = IO_NONE;
  ERR_clear_error();
@@ -189,13 +186,10 @@ static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
 * |length| bytes. Returns the number of bytes stored in |buf|. See
 * the documentation of nghttp2_recv_callback for the details.
 */
-static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
+static ssize_t recv_callback(nghttp2_session *session _U_, uint8_t *buf,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  struct Connection *connection;
  int rv;
  (void)session;
  (void)flags;
  connection = (struct Connection *)user_data;
  connection->want_io = IO_NONE;
  ERR_clear_error();
@@ -216,10 +210,9 @@ static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
 }
 static int on_frame_send_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
                                  void *user_data _U_) {
  size_t i;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (nghttp2_session_get_stream_user_data(session, frame->hd.stream_id)) {
@@ -244,10 +237,9 @@ static int on_frame_send_callback(nghttp2_session *session,
 }
 static int on_frame_recv_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
                                  void *user_data _U_) {
  size_t i;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE) {
@@ -282,11 +274,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
 * we submit GOAWAY and close the session.
 */
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_,
                                    void *user_data _U_) {
  struct Request *req;
  (void)error_code;
  (void)user_data;
  req = nghttp2_session_get_stream_user_data(session, stream_id);
  if (req) {
    int rv;
@@ -303,13 +293,11 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
 * The implementation of nghttp2_on_data_chunk_recv_callback type. We
 * use this function to print the received response body.
 */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
+static int on_data_chunk_recv_callback(nghttp2_session *session,
-                                       int32_t stream_id, const uint8_t *data,
+                                       uint8_t flags _U_, int32_t stream_id,
-                                       size_t len, void *user_data) {
+                                       const uint8_t *data, size_t len,
                                       void *user_data _U_) {
  struct Request *req;
  (void)flags;
  (void)user_data;
  req = nghttp2_session_get_stream_user_data(session, stream_id);
  if (req) {
    printf("[INFO] C <---------------------------- S (DATA chunk)\n"
@@ -350,13 +338,10 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
 * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2
 * library supports, we terminate program.
 */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  int rv;
  (void)ssl;
  (void)arg;
  /* nghttp2_select_next_protocol() selects HTTP/2 protocol the
     nghttp2 library supports. */
  rv = nghttp2_select_next_protocol(out, outlen, in, inlen);
--- a/examples/deflate.c
+++ b/examples/deflate.c
@@ -44,7 +44,7 @@ static void deflate(nghttp2_hd_deflater *deflater,
 static int inflate_header_block(nghttp2_hd_inflater *inflater, uint8_t *in,
                                size_t inlen, int final);
-int main() {
+int main(int argc _U_, char **argv _U_) {
  int rv;
  nghttp2_hd_deflater *deflater;
  nghttp2_hd_inflater *inflater;
--- a/examples/libevent-client.c
+++ b/examples/libevent-client.c
@@ -199,27 +199,22 @@ static void print_headers(FILE *f, nghttp2_nv *nva, size_t nvlen) {
 /* nghttp2_send_callback. Here we transmit the |data|, |length| bytes,
   to the network. Because we are using libevent bufferevent, we just
   write those bytes into bufferevent buffer. */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  struct bufferevent *bev = session_data->bev;
  (void)session;
  (void)flags;
  bufferevent_write(bev, data, length);
  return (ssize_t)length;
 }
 /* nghttp2_on_header_callback: Called when nghttp2 library emits
   single header name/value pair. */
-static int on_header_callback(nghttp2_session *session,
+static int on_header_callback(nghttp2_session *session _U_,
                              const nghttp2_frame *frame, const uint8_t *name,
                              size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
                              void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  (void)flags;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -234,12 +229,10 @@ static int on_header_callback(nghttp2_session *session,
 /* nghttp2_on_begin_headers_callback: Called when nghttp2 library gets
   started to receive header block. */
-static int on_begin_headers_callback(nghttp2_session *session,
+static int on_begin_headers_callback(nghttp2_session *session _U_,
                                     const nghttp2_frame *frame,
                                     void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -254,11 +247,9 @@ static int on_begin_headers_callback(nghttp2_session *session,
 /* nghttp2_on_frame_recv_callback: Called when nghttp2 library
   received a complete frame from the remote peer. */
-static int on_frame_recv_callback(nghttp2_session *session,
+static int on_frame_recv_callback(nghttp2_session *session _U_,
                                  const nghttp2_frame *frame, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -275,13 +266,11 @@ static int on_frame_recv_callback(nghttp2_session *session,
   is meant to the stream we initiated, print the received data in
   stdout, so that the user can redirect its output to the file
   easily. */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
+static int on_data_chunk_recv_callback(nghttp2_session *session _U_,
-                                       int32_t stream_id, const uint8_t *data,
+                                       uint8_t flags _U_, int32_t stream_id,
-                                       size_t len, void *user_data) {
+                                       const uint8_t *data, size_t len,
                                       void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  (void)flags;
  if (session_data->stream_data->stream_id == stream_id) {
    fwrite(data, 1, len, stdout);
  }
@@ -298,7 +287,7 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
  int rv;
  if (session_data->stream_data->stream_id == stream_id) {
-    fprintf(stderr, "Stream %d closed with error_code=%u\n", stream_id,
+    fprintf(stderr, "Stream %d closed with error_code=%d\n", stream_id,
            error_code);
    rv = nghttp2_session_terminate_session(session, NGHTTP2_NO_ERROR);
    if (rv != 0) {
@@ -311,12 +300,9 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
 /* NPN TLS extension client callback. We check that server advertised
   the HTTP/2 protocol the nghttp2 library supports. If not, exit
   the program. */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  (void)ssl;
  (void)arg;
  if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
    errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
  }
@@ -475,10 +461,8 @@ static void readcb(struct bufferevent *bev, void *ptr) {
   receiving GOAWAY, we check the some conditions on the nghttp2
   library and output buffer of bufferevent. If it indicates we have
   no business to this session, tear down the connection. */
-static void writecb(struct bufferevent *bev, void *ptr) {
+static void writecb(struct bufferevent *bev _U_, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  (void)bev;
  if (nghttp2_session_want_read(session_data->session) == 0 &&
      nghttp2_session_want_write(session_data->session) == 0 &&
      evbuffer_get_length(bufferevent_get_output(session_data->bev)) == 0) {
--- a/examples/libevent-server.c
+++ b/examples/libevent-server.c
@@ -109,23 +109,18 @@ struct app_context {
 static unsigned char next_proto_list[256];
 static size_t next_proto_list_len;
-static int next_proto_cb(SSL *ssl, const unsigned char **data,
+static int next_proto_cb(SSL *s _U_, const unsigned char **data,
-                         unsigned int *len, void *arg) {
+                         unsigned int *len, void *arg _U_) {
  (void)ssl;
  (void)arg;
  *data = next_proto_list;
  *len = (unsigned int)next_proto_list_len;
  return SSL_TLSEXT_ERR_OK;
 }
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
-static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
+static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  int rv;
  (void)ssl;
  (void)arg;
  rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, inlen);
@@ -202,10 +197,8 @@ static void add_stream(http2_session_data *session_data,
  }
 }
-static void remove_stream(http2_session_data *session_data,
+static void remove_stream(http2_session_data *session_data _U_,
                          http2_stream_data *stream_data) {
  (void)session_data;
  stream_data->prev->next = stream_data->next;
  if (stream_data->next) {
    stream_data->next->prev = stream_data->prev;
@@ -316,13 +309,10 @@ static int session_recv(http2_session_data *session_data) {
  return 0;
 }
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  struct bufferevent *bev = session_data->bev;
  (void)session;
  (void)flags;
  /* Avoid excessive buffering in server side. */
  if (evbuffer_get_length(bufferevent_get_output(session_data->bev)) >=
      OUTPUT_WOULDBLOCK_THRESHOLD) {
@@ -385,17 +375,13 @@ static char *percent_decode(const uint8_t *value, size_t valuelen) {
  return res;
 }
-static ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
+static ssize_t file_read_callback(nghttp2_session *session _U_,
-                                  uint8_t *buf, size_t length,
+                                  int32_t stream_id _U_, uint8_t *buf,
-                                  uint32_t *data_flags,
+                                  size_t length, uint32_t *data_flags,
                                  nghttp2_data_source *source,
-                                  void *user_data) {
+                                  void *user_data _U_) {
  int fd = source->fd;
  ssize_t r;
  (void)session;
  (void)stream_id;
  (void)user_data;
  while ((r = read(fd, buf, length)) == -1 && errno == EINTR)
    ;
  if (r == -1) {
@@ -468,12 +454,10 @@ static int error_reply(nghttp2_session *session,
 static int on_header_callback(nghttp2_session *session,
                              const nghttp2_frame *frame, const uint8_t *name,
                              size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
                              void *user_data _U_) {
  http2_stream_data *stream_data;
  const char PATH[] = ":path";
  (void)flags;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat != NGHTTP2_HCAT_REQUEST) {
@@ -586,10 +570,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
 }
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  http2_stream_data *stream_data;
  (void)error_code;
  stream_data = nghttp2_session_get_stream_user_data(session, stream_id);
  if (!stream_data) {
@@ -642,10 +625,8 @@ static int send_server_connection_header(http2_session_data *session_data) {
 /* readcb for bufferevent after client connection header was
   checked. */
-static void readcb(struct bufferevent *bev, void *ptr) {
+static void readcb(struct bufferevent *bev _U_, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  (void)bev;
  if (session_recv(session_data) != 0) {
    delete_http2_session_data(session_data);
    return;
@@ -677,13 +658,12 @@ static void writecb(struct bufferevent *bev, void *ptr) {
 }
 /* eventcb for bufferevent */
-static void eventcb(struct bufferevent *bev, short events, void *ptr) {
+static void eventcb(struct bufferevent *bev _U_, short events, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  if (events & BEV_EVENT_CONNECTED) {
    const unsigned char *alpn = NULL;
    unsigned int alpnlen = 0;
    SSL *ssl;
    (void)bev;
    fprintf(stderr, "%s connected\n", session_data->client_addr);
@@ -723,11 +703,10 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
 }
 /* callback for evconnlistener */
-static void acceptcb(struct evconnlistener *listener, int fd,
+static void acceptcb(struct evconnlistener *listener _U_, int fd,
                     struct sockaddr *addr, int addrlen, void *arg) {
  app_context *app_ctx = (app_context *)arg;
  http2_session_data *session_data;
  (void)listener;
  session_data = create_http2_session_data(app_ctx, fd, addr, addrlen);
--- a/examples/tiny-nghttpd.c
+++ b/examples/tiny-nghttpd.c
--- a/fuzz/README.rst
+++ b/fuzz/README.rst
@@ -1,33 +0,0 @@
 Fuzzer
 ======
 This directory contains fuzzer target mainly written to integrate
 nghttp2 into `oss-fuzz <https://github.com/google/oss-fuzz>`_.
 fuzz_target.cc contains an entry point of fuzzer.  corpus directory
 contains initial data for fuzzer.
 The file name of initial data under corpus is the lower-cased hex
 string of SHA-256 hash of its own content.
 corpus/h2spec contains input data which was recorded when we ran
 `h2spec <https://github.com/summerwind/h2spec>`_ against nghttpd.
 corpus/nghttp contains input data which was recorded when we ran
 nghttp against nghttpd with some varying command line options of
 nghttp.
 To build fuzz_target.cc, make sure that libnghttp2 is built with
 following compiler/linker flags:
 .. code-block:: text
    CPPFLAGS="-fsanitize-coverage=edge -fsanitize=addres"
    LDFLAGS="-fsanitize-coverage=edge -fsanitize=addres"
 Then, fuzz_target.cc can be built using the following command:
 .. code-block:: text
    $ clang++ -fsanitize-coverage=edge -fsanitize=address -I../lib/includes -std=c++11 fuzz_target.cc ../lib/.libs/libnghttp2.a  /usr/lib/llvm-3.9/lib/libFuzzer.a -o nghttp2_fuzzer
--- a/fuzz/corpus/h2spec/025ca25c8427361ea5498e4c3ba49d20eac5b4332f7b75b8f74bfba5e43f59f8
+++ b/fuzz/corpus/h2spec/025ca25c8427361ea5498e4c3ba49d20eac5b4332f7b75b8f74bfba5e43f59f8
--- a/fuzz/corpus/h2spec/0276779c73bddcebc63b863c23a338b4c827bf6164640ff20a2d64d45a6b3f5a
+++ b/fuzz/corpus/h2spec/0276779c73bddcebc63b863c23a338b4c827bf6164640ff20a2d64d45a6b3f5a
--- a/fuzz/corpus/h2spec/0428d1e3b2364efcc93ffd8fcfff43b378a92c7da44268b9dda2bf32a1178c66
+++ b/fuzz/corpus/h2spec/0428d1e3b2364efcc93ffd8fcfff43b378a92c7da44268b9dda2bf32a1178c66
--- a/fuzz/corpus/h2spec/06bc5f79b7e68e005bd4382bd3a6c6b1b6005c5f7d5783e99baf2f8f7432d71a
+++ b/fuzz/corpus/h2spec/06bc5f79b7e68e005bd4382bd3a6c6b1b6005c5f7d5783e99baf2f8f7432d71a
--- a/fuzz/corpus/h2spec/09f76550ec065944a5d1d52f5d07b1dd87de1f651f80ef82c2815b0248b7dccd
+++ b/fuzz/corpus/h2spec/09f76550ec065944a5d1d52f5d07b1dd87de1f651f80ef82c2815b0248b7dccd
--- a/fuzz/corpus/h2spec/0b39d9df6e1721030667980a41547272ad42377149edcf130b2bf0b76804c61f
+++ b/fuzz/corpus/h2spec/0b39d9df6e1721030667980a41547272ad42377149edcf130b2bf0b76804c61f
@@ -1,2 +0,0 @@
 INVALID CONNECTION PREFACE
--- a/fuzz/corpus/h2spec/0bb4365b02c05540936f9606ca725770a731e73c2144c7b81953dcc4b4f73c32
+++ b/fuzz/corpus/h2spec/0bb4365b02c05540936f9606ca725770a731e73c2144c7b81953dcc4b4f73c32
--- a/fuzz/corpus/h2spec/0d577f6eb853e987b8fdab6ca4615a351ab74bfc75eb0d227acbef6a35bcae39
+++ b/fuzz/corpus/h2spec/0d577f6eb853e987b8fdab6ca4615a351ab74bfc75eb0d227acbef6a35bcae39
--- a/fuzz/corpus/h2spec/0df702020c019dd33d0643c5a2b9a9637d325c8f38b4cc6d3f808b5b2a4169a9
+++ b/fuzz/corpus/h2spec/0df702020c019dd33d0643c5a2b9a9637d325c8f38b4cc6d3f808b5b2a4169a9
--- a/fuzz/corpus/h2spec/0f8054152149c73e64c9f3e83f97e6585c8a51ec2413e7a2e8dfcc444082a5c5
+++ b/fuzz/corpus/h2spec/0f8054152149c73e64c9f3e83f97e6585c8a51ec2413e7a2e8dfcc444082a5c5
--- a/fuzz/corpus/h2spec/105f72bc9184bf47a857ed84e8c2f917946ec7ef3f4720535478b41e097a798a
+++ b/fuzz/corpus/h2spec/105f72bc9184bf47a857ed84e8c2f917946ec7ef3f4720535478b41e097a798a
--- a/fuzz/corpus/h2spec/1368ed7160cc4115e31a8a158af429421570e7363a3b75441edc5d740513b0dc
+++ b/fuzz/corpus/h2spec/1368ed7160cc4115e31a8a158af429421570e7363a3b75441edc5d740513b0dc
--- a/fuzz/corpus/h2spec/1402c49b963994284b0d429edfac603133e0144dba08836f90b1ae164b328800
+++ b/fuzz/corpus/h2spec/1402c49b963994284b0d429edfac603133e0144dba08836f90b1ae164b328800
--- a/fuzz/corpus/h2spec/1468c2cddae629788f6957847b76c09921e984796f6dc482859b119cf4879300
+++ b/fuzz/corpus/h2spec/1468c2cddae629788f6957847b76c09921e984796f6dc482859b119cf4879300
--- a/fuzz/corpus/h2spec/14f66ce296f03e52f039f4fad189d3d70aebe70ecb14ffb1ffe2cd5fc5d1e5f0
+++ b/fuzz/corpus/h2spec/14f66ce296f03e52f039f4fad189d3d70aebe70ecb14ffb1ffe2cd5fc5d1e5f0
--- a/fuzz/corpus/h2spec/17caaf734401d2d25d09a65432789b45aff588c606536e93824b89739a6d07ab
+++ b/fuzz/corpus/h2spec/17caaf734401d2d25d09a65432789b45aff588c606536e93824b89739a6d07ab
--- a/fuzz/corpus/h2spec/195b4a74a62fabc877052454d935ebc543f4d1305e318ccd2ff407517636bed8
+++ b/fuzz/corpus/h2spec/195b4a74a62fabc877052454d935ebc543f4d1305e318ccd2ff407517636bed8
--- a/fuzz/corpus/h2spec/1960fc215485486f3e8ab97f853954e6f11c1f4754ccd83b1603b808878cfa76
+++ b/fuzz/corpus/h2spec/1960fc215485486f3e8ab97f853954e6f11c1f4754ccd83b1603b808878cfa76
--- a/fuzz/corpus/h2spec/1a56272611761f0687dfb0ea37c900f13f429b750c87e6175b234b881bda6248
+++ b/fuzz/corpus/h2spec/1a56272611761f0687dfb0ea37c900f13f429b750c87e6175b234b881bda6248
--- a/fuzz/corpus/h2spec/1d31cd88fae35f2329e201983d11256d2432fcdeb55bfba9634aa88e3794adc6
+++ b/fuzz/corpus/h2spec/1d31cd88fae35f2329e201983d11256d2432fcdeb55bfba9634aa88e3794adc6
--- a/fuzz/corpus/h2spec/1e27187b10c02fe7e151818ddd0722f69830ac04975ddb5a9d83cdc406cbb678
+++ b/fuzz/corpus/h2spec/1e27187b10c02fe7e151818ddd0722f69830ac04975ddb5a9d83cdc406cbb678
--- a/fuzz/corpus/h2spec/1ecace234d8542fbaab35c7c55330e80d8121a0cff19633a56eba8f2182a59df
+++ b/fuzz/corpus/h2spec/1ecace234d8542fbaab35c7c55330e80d8121a0cff19633a56eba8f2182a59df
--- a/fuzz/corpus/h2spec/1f4f3a16f5ad0425e0b38601339096b80a382afa1083a19c4deab11be847502f
+++ b/fuzz/corpus/h2spec/1f4f3a16f5ad0425e0b38601339096b80a382afa1083a19c4deab11be847502f
--- a/fuzz/corpus/h2spec/203a798d4b658be744fe34042038692eaede4d2c1f9e05a27f2410a6e0230132
+++ b/fuzz/corpus/h2spec/203a798d4b658be744fe34042038692eaede4d2c1f9e05a27f2410a6e0230132
--- a/fuzz/corpus/h2spec/21904e842e90becb56ff9748ae962bb543dd5ca188dabc30897726f87403fbce
+++ b/fuzz/corpus/h2spec/21904e842e90becb56ff9748ae962bb543dd5ca188dabc30897726f87403fbce
--- a/fuzz/corpus/h2spec/23df7e0419240a9709b55af68a89c9750332ae5063e36401eae150ce63188fe0
+++ b/fuzz/corpus/h2spec/23df7e0419240a9709b55af68a89c9750332ae5063e36401eae150ce63188fe0
--- a/fuzz/corpus/h2spec/245ba702520fa32cf41d994f5d37e4111fe6203bac35b220d50362d5e986aa91
+++ b/fuzz/corpus/h2spec/245ba702520fa32cf41d994f5d37e4111fe6203bac35b220d50362d5e986aa91
--- a/fuzz/corpus/h2spec/274faf343feb9cb44079316401fee50c647552c99c0550ebfd7a3b736e8db9e5
+++ b/fuzz/corpus/h2spec/274faf343feb9cb44079316401fee50c647552c99c0550ebfd7a3b736e8db9e5
--- a/fuzz/corpus/h2spec/2b042a1dfa3aeed6af58c58a4336f1386633bac75dea2c4b64c02541e7320933
+++ b/fuzz/corpus/h2spec/2b042a1dfa3aeed6af58c58a4336f1386633bac75dea2c4b64c02541e7320933
--- a/fuzz/corpus/h2spec/2d8ec606661a9f12960893aab9a74dd392cbdae104307e8512e5e4113739e93a
+++ b/fuzz/corpus/h2spec/2d8ec606661a9f12960893aab9a74dd392cbdae104307e8512e5e4113739e93a
--- a/fuzz/corpus/h2spec/2e0c8a3ce53e8e3711f781b480efaf9e2526f4ae87c5f5a585d68d6f7f7da13c
+++ b/fuzz/corpus/h2spec/2e0c8a3ce53e8e3711f781b480efaf9e2526f4ae87c5f5a585d68d6f7f7da13c
--- a/fuzz/corpus/h2spec/315e6acba7d715333d0865a8dfc0cd0e7aef8a1f5f420eae3d39067ad78df17d
+++ b/fuzz/corpus/h2spec/315e6acba7d715333d0865a8dfc0cd0e7aef8a1f5f420eae3d39067ad78df17d
--- a/fuzz/corpus/h2spec/3376a2cdde0b98759f14490881328f80b5d3c942de3b1304a0382923ce896f8f
+++ b/fuzz/corpus/h2spec/3376a2cdde0b98759f14490881328f80b5d3c942de3b1304a0382923ce896f8f
--- a/fuzz/corpus/h2spec/35c2719913a19f197fb6484a34c3574da63554ff06f52377b73a9cfc24eb02ca
+++ b/fuzz/corpus/h2spec/35c2719913a19f197fb6484a34c3574da63554ff06f52377b73a9cfc24eb02ca
--- a/fuzz/corpus/h2spec/35ddf0611cd98d025f6a625e7e4a102ba74721a04dfa1811e0968e9a4966d92c
+++ b/fuzz/corpus/h2spec/35ddf0611cd98d025f6a625e7e4a102ba74721a04dfa1811e0968e9a4966d92c
--- a/fuzz/corpus/h2spec/37e9eab291d6bca69510354e1d029cbbbb6113071b2bb13fc9646b5a0447d2cf
+++ b/fuzz/corpus/h2spec/37e9eab291d6bca69510354e1d029cbbbb6113071b2bb13fc9646b5a0447d2cf
--- a/fuzz/corpus/h2spec/381c81f5e4d1b02de39c4f99f21e9793f6ffc82ae0ef6917a8611e8879e05941
+++ b/fuzz/corpus/h2spec/381c81f5e4d1b02de39c4f99f21e9793f6ffc82ae0ef6917a8611e8879e05941
--- a/fuzz/corpus/h2spec/38ac32c81952cc832ade7aea13b0740f76898ccbb1da25f2281da76e50c1d04a
+++ b/fuzz/corpus/h2spec/38ac32c81952cc832ade7aea13b0740f76898ccbb1da25f2281da76e50c1d04a
--- a/fuzz/corpus/h2spec/3e297dd8fcdb50a751c397a505d84e76374b064aa5c71aab33bd9650c9a9d801
+++ b/fuzz/corpus/h2spec/3e297dd8fcdb50a751c397a505d84e76374b064aa5c71aab33bd9650c9a9d801
--- a/fuzz/corpus/h2spec/3e5a57c30a97d3f06a3181f4baf3996053b8572da5f2deee3a636c3bc8dfcc60
+++ b/fuzz/corpus/h2spec/3e5a57c30a97d3f06a3181f4baf3996053b8572da5f2deee3a636c3bc8dfcc60
--- a/fuzz/corpus/h2spec/420b9790375f59a6e8c326391023a0981789c2351817996e0c253bfed708ad82
+++ b/fuzz/corpus/h2spec/420b9790375f59a6e8c326391023a0981789c2351817996e0c253bfed708ad82
--- a/fuzz/corpus/h2spec/43df3c3af62ddd1393269ffcf964f1897063e81da79c971e8af8c1fefa3e3cab
+++ b/fuzz/corpus/h2spec/43df3c3af62ddd1393269ffcf964f1897063e81da79c971e8af8c1fefa3e3cab
--- a/fuzz/corpus/h2spec/443f39c99e1c9ca1908b54153c480754054a57777f22a00d377d745d78e9d193
+++ b/fuzz/corpus/h2spec/443f39c99e1c9ca1908b54153c480754054a57777f22a00d377d745d78e9d193
--- a/fuzz/corpus/h2spec/44f3fc1504a14e693fde420da94f77bf4a44e4e741420291491343f7ae4ecc16
+++ b/fuzz/corpus/h2spec/44f3fc1504a14e693fde420da94f77bf4a44e4e741420291491343f7ae4ecc16
--- a/fuzz/corpus/h2spec/4528e6beb34f695f4df8ddbb7ac85f76a91229d9ba675fc9e09fe12f4a497937
+++ b/fuzz/corpus/h2spec/4528e6beb34f695f4df8ddbb7ac85f76a91229d9ba675fc9e09fe12f4a497937
--- a/fuzz/corpus/h2spec/4534032d57020d2910641561a9f9da021f0fe52ebdbb148ee776ced87bac9b13
+++ b/fuzz/corpus/h2spec/4534032d57020d2910641561a9f9da021f0fe52ebdbb148ee776ced87bac9b13
--- a/fuzz/corpus/h2spec/47c5e9b339f9e7f1dccad5c9f51f211183795660ec81a6bdb5614031d39ebe3a
+++ b/fuzz/corpus/h2spec/47c5e9b339f9e7f1dccad5c9f51f211183795660ec81a6bdb5614031d39ebe3a
--- a/fuzz/corpus/h2spec/48ca2b3f63206aa8f774c3cb33958a806a1debf3d9ccf7b09c2d31256498cda6
+++ b/fuzz/corpus/h2spec/48ca2b3f63206aa8f774c3cb33958a806a1debf3d9ccf7b09c2d31256498cda6
--- a/fuzz/corpus/h2spec/4ddbb54259df7ee7ecbdf9f8b4a0e8f7756b9846f2e2add8dd0df825296d993e
+++ b/fuzz/corpus/h2spec/4ddbb54259df7ee7ecbdf9f8b4a0e8f7756b9846f2e2add8dd0df825296d993e
--- a/fuzz/corpus/h2spec/4e612f3c1dfa468d94bbc3bde202c732b06a9b5f6bc5471c879fa56ec2daa4aa
+++ b/fuzz/corpus/h2spec/4e612f3c1dfa468d94bbc3bde202c732b06a9b5f6bc5471c879fa56ec2daa4aa
--- a/fuzz/corpus/h2spec/55860c89ef796d41b06b3c0fe60a3e6f90709c6a0e7063a8b4057dafa57c878a
+++ b/fuzz/corpus/h2spec/55860c89ef796d41b06b3c0fe60a3e6f90709c6a0e7063a8b4057dafa57c878a
--- a/fuzz/corpus/h2spec/5748e7a24e8d9ecb43de7d1e14519f10d8c669a5a2602fc948bc9a80e6114b63
+++ b/fuzz/corpus/h2spec/5748e7a24e8d9ecb43de7d1e14519f10d8c669a5a2602fc948bc9a80e6114b63
--- a/fuzz/corpus/h2spec/5a13c8e09802e07fd3ceee625307fe48ef29bc66641c4f80ed4593bf8b773f88
+++ b/fuzz/corpus/h2spec/5a13c8e09802e07fd3ceee625307fe48ef29bc66641c4f80ed4593bf8b773f88
--- a/fuzz/corpus/h2spec/5aa30337198b482522a55c90554c93278034ebacc24792509a32aeba466df4e8
+++ b/fuzz/corpus/h2spec/5aa30337198b482522a55c90554c93278034ebacc24792509a32aeba466df4e8
--- a/fuzz/corpus/h2spec/5f3ff3c345ade163ba1ba889d60c1995b7fab68ded6ab052814008d990862c23
+++ b/fuzz/corpus/h2spec/5f3ff3c345ade163ba1ba889d60c1995b7fab68ded6ab052814008d990862c23
--- a/fuzz/corpus/h2spec/5f88a17509a8843ab761bc8cbcfe1a511670ae1a4a434f3d483f942738933a3e
+++ b/fuzz/corpus/h2spec/5f88a17509a8843ab761bc8cbcfe1a511670ae1a4a434f3d483f942738933a3e
--- a/fuzz/corpus/h2spec/60a288333ea7f01d380f2661d387692063ce2ae73b3e5401b716326967b4ce0c
+++ b/fuzz/corpus/h2spec/60a288333ea7f01d380f2661d387692063ce2ae73b3e5401b716326967b4ce0c
--- a/fuzz/corpus/h2spec/63ae750f5fe9469664b6f79cb48c502c3bfc4cb0a950aeba998a72ea6a3d5b2d
+++ b/fuzz/corpus/h2spec/63ae750f5fe9469664b6f79cb48c502c3bfc4cb0a950aeba998a72ea6a3d5b2d
--- a/fuzz/corpus/h2spec/67abeaacb21769a9fb521efa7ebdc8d9ff3443ad5892d75dd6d4f7d541713d33
+++ b/fuzz/corpus/h2spec/67abeaacb21769a9fb521efa7ebdc8d9ff3443ad5892d75dd6d4f7d541713d33
--- a/fuzz/corpus/h2spec/6e3b8913d874a18ec3ab9f74d4fab435b7738e1a14d0754fb79229c4bda9f604
+++ b/fuzz/corpus/h2spec/6e3b8913d874a18ec3ab9f74d4fab435b7738e1a14d0754fb79229c4bda9f604
--- a/fuzz/corpus/h2spec/6fe31187ce1a64bffb0b31ee59618a2ebd483812410e9f8ae5a92fb72ef70885
+++ b/fuzz/corpus/h2spec/6fe31187ce1a64bffb0b31ee59618a2ebd483812410e9f8ae5a92fb72ef70885
--- a/fuzz/corpus/h2spec/71d3c74882a100eaa5aaf9f62659d3b26bcbb8f2055f1add504f599f9051f61e
+++ b/fuzz/corpus/h2spec/71d3c74882a100eaa5aaf9f62659d3b26bcbb8f2055f1add504f599f9051f61e
--- a/fuzz/corpus/h2spec/7232f506e00bee175a3df8d33933fae10c67e501d6cea8e73ce76f4363d0bbea
+++ b/fuzz/corpus/h2spec/7232f506e00bee175a3df8d33933fae10c67e501d6cea8e73ce76f4363d0bbea
--- a/fuzz/corpus/h2spec/7425039321dcbecb1a1ef28849f277f914a889a54d44c1f2566b6ddd5bc83b4f
+++ b/fuzz/corpus/h2spec/7425039321dcbecb1a1ef28849f277f914a889a54d44c1f2566b6ddd5bc83b4f
--- a/fuzz/corpus/h2spec/7487341c630472c46a534223da1173666aaeae9788b144fa2c723204d55cc0a2
+++ b/fuzz/corpus/h2spec/7487341c630472c46a534223da1173666aaeae9788b144fa2c723204d55cc0a2
--- a/fuzz/corpus/h2spec/79207f7d09b6145f3dbfcb9e19835f34e56c7927fda22859e960f5f13bc847a0
+++ b/fuzz/corpus/h2spec/79207f7d09b6145f3dbfcb9e19835f34e56c7927fda22859e960f5f13bc847a0
--- a/fuzz/corpus/h2spec/7a1e1268d329e5f71ebdf74677a6c1a118994d7534d1fb08d631898d67372f5a
+++ b/fuzz/corpus/h2spec/7a1e1268d329e5f71ebdf74677a6c1a118994d7534d1fb08d631898d67372f5a
--- a/fuzz/corpus/h2spec/7c954b010232be9461483803e3e553623d4fc382324d8b8ba53ebf83f0457707
+++ b/fuzz/corpus/h2spec/7c954b010232be9461483803e3e553623d4fc382324d8b8ba53ebf83f0457707
--- a/fuzz/corpus/h2spec/7ce8914993956b04baafaad0668e5c26a87a1c4cf70a6566aa0f199fe3c1dc18
+++ b/fuzz/corpus/h2spec/7ce8914993956b04baafaad0668e5c26a87a1c4cf70a6566aa0f199fe3c1dc18
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tatsuhiro Tsujikawa	6d347e56ef	Update man pages	2016-11-13 21:24:32 +09:00
Tatsuhiro Tsujikawa	751e223692	Bump up version number to 1.16.1, LT revision to 26:1:12	2016-11-13 21:21:29 +09:00
Matt Rudary	b87066da92	Prevent undefined behavior in decode_length	2016-11-13 21:19:36 +09:00
Tatsuhiro Tsujikawa	d8b13bd417	nghttpx: Reset flags as well	2016-11-13 21:19:36 +09:00